Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe
Analysis ID:1528522
MD5:34c8e1d5de3565d30012425d880ab514
SHA1:866082315a5cdea3d26d8edc905065f509158f61
SHA256:fb128fb5731c85a480df19fdb74925d5200b1729cf7478a088ec31c0ba944fba
Tags:AdwareGenericexe
Infos:

Detection

Score:30
Range:0 - 100
Whitelisted:false
Confidence:0%

Signatures

Malicious sample detected (through community Yara rule)
PE file has nameless sections
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Form action URLs do not match main URL
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTML page contains hidden javascript code
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe (PID: 5588 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe" MD5: 34C8E1D5DE3565D30012425D880AB514)
    • SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp (PID: 1196 cmdline: "C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp" /SL5="$1040C,24100606,908800,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe" MD5: 622B58CAEE5DCD88A475F7431D706D7B)
      • ImBatch.exe (PID: 5820 cmdline: "C:\Program Files (x86)\ImBatch\ImBatch.exe" MD5: A2E5679917DE0C043AED253E90F1E6A0)
      • chrome.exe (PID: 7124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.highmotionsoftware.com/products/imbatch/thankyou MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2436,i,14634067751005810082,15773404869222309641,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files (x86)\ImBatch\is-8GFDD.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
    C:\Program Files (x86)\ImBatch\is-GR2NP.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000004.00000002.3980690776.00000000022C0000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_a7da40b7unknownunknown
      • 0xb04a:$a: 18 B9 10 00 00 00 83 E2 0F 2B CA 3B 4D 14 76 03 8B 4D 14 8D 5C
      00000004.00000002.3980029463.00000000020F8000.00000040.00000001.01000000.00000007.sdmpWindows_Trojan_RedLineStealer_a7da40b7unknownunknown
      • 0xb058:$a: 18 B9 10 00 00 00 83 E2 0F 2B CA 3B 4D 14 76 03 8B 4D 14 8D 5C
      00000004.00000002.3980029463.00000000020F8000.00000040.00000001.01000000.00000007.sdmpWindows_Trojan_RedLineStealer_d4b38e13unknownunknown
      • 0x838d:$a: 5B 5D C2 04 00 8B C2 5F 5E 5B 5D C2 04 00 55 8B EC 57 8B 45 08 0F

      Sigma Signatures

      No Sigma rule has matched

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-10-08T00:41:17.749448+020028032742Potentially Bad Traffic192.168.2.849782172.67.164.223443TCP
      2024-10-08T00:41:18.495488+020028032742Potentially Bad Traffic192.168.2.849787172.67.164.223443TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results
      Source: https://www.highmotionsoftware.com/products/imbatch/thankyouHTTP Parser: Form action: https://www.bolidesoft.com/ssendy/subscribe highmotionsoftware bolidesoft
      Source: https://www.highmotionsoftware.com/products/imbatch/thankyouHTTP Parser: Base64 decoded: RS}r*dq?W
      Source: https://www.highmotionsoftware.com/products/imbatch/thankyouHTTP Parser: Iframe src: //www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2FImBatch&width=550&height=290&show_faces=true&colorscheme=light&stream=false&border_color&header=true&appId=254901247880888
      Source: https://www.highmotionsoftware.com/products/imbatch/thankyouHTTP Parser: No favicon
      Source: https://www.highmotionsoftware.com/products/imbatch/thankyouHTTP Parser: No <meta name="author".. found
      Source: https://www.highmotionsoftware.com/products/imbatch/thankyouHTTP Parser: No <meta name="copyright".. found
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
      Source: unknownHTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49713 version: TLS 1.0
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeStatic PE information: certificate valid
      Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.8:49708 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.164.223:443 -> 192.168.2.8:49782 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.193.111.117:443 -> 192.168.2.8:49786 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49798 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49831 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.8:49885 version: TLS 1.2
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Binary string: D:\Develop\VisualStudio\DirectXTex\DirectXTex-master\DirectXTex\Bin\Desktop_2017\Win32\Release\DirectXTex.pdb source: ImBatch.exe, 00000004.00000002.4048877363.000000006E6A2000.00000002.00000001.01000000.0000000E.sdmp
      Source: Binary string: D:\Develop\VisualStudio\heif\Release\heif.pdb source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000002.1668038621.000000000018C000.00000004.00000010.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4049911354.000000006EB0F000.00000002.00000001.01000000.00000012.sdmp
      Source: Binary string: {D:\Develop\VisualStudio\DirectXTex\DirectXTex-master\DirectXTex\Bin\Desktop_2017\Win32\Release\DirectXTex.pdb source: ImBatch.exe, 00000004.00000002.4048877363.000000006E6A2000.00000002.00000001.01000000.0000000E.sdmp
      Source: Binary string: D:\Delphi Projects\ImBatchContextMenu\x64\Release\ImBatchContextMenuHandler-x64.pdb source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: D:\Delphi Projects\ImBatchContextMenu\Release\ImBatchContextMenuHandler.pdb! source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: YD:\Delphi Projects\ImBatchContextMenu\x64\Release\ImBatchContextMenuHandler-x64.pdb source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: D:\Develop\VisualStudio\webp\Output\Win32\Release\webp.pdb source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4048026498.000000006D4B1000.00000002.00000001.01000000.00000011.sdmp
      Source: Binary string: D:\Delphi Projects\PhotoshopHost\pspiHost\Out\Win32\Release\pspiHost.pdb source: ImBatch.exe, 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmp
      Source: Binary string: D:\Delphi Projects\ImBatchContextMenu\Release\ImBatchContextMenuHandler.pdb source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE3A3CC FindFirstFileW,FindClose,4_2_0EE3A3CC
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE39E64 GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW,4_2_0EE39E64
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE44A84 FindFirstFileW,FindClose,4_2_0EE44A84
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_1023590A FindFirstFileA,_strlen,GetDriveTypeA,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,4_2_1023590A
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_1000D580 FindFirstFileA,FindFirstFileA,FindFirstFileA,4_2_1000D580
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5D28DF FindFirstFileExW,4_2_6C5D28DF
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5CD344 FindFirstFileExW,__Read_dir,FindClose,std::tr2::sys::_Strcpy,4_2_6C5CD344
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4x nop then mov eax, 00002018h4_2_1000475A
      Source: global trafficHTTP traffic detected: POST /bc/put.php?v=1&pid=110&w=cd&cid={DC960FFD-14A7-48B7-83D1-6FA0A6445A05}&h=1a5f27020f5d05939025c0cc7616f480 HTTP/1.1Host: www.bolidesoft.com:443Content-Type: multipart/form-data; boundary=--------100724184117203Content-Length: 4272Connection: Keep-AliveCache-Control: no-cacheCookie: PHPSESSID=5af2178aef7e776b5dd854a267c1cd0f
      Source: Joe Sandbox ViewIP Address: 104.16.79.73 104.16.79.73
      Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
      Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
      Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49787 -> 172.67.164.223:443
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49782 -> 172.67.164.223:443
      Source: unknownHTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49713 version: TLS 1.0
      Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
      Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
      Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
      Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
      Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
      Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
      Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
      Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
      Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
      Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
      Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 152.199.19.74
      Source: unknownTCP traffic detected without corresponding DNS query: 104.18.21.226
      Source: unknownTCP traffic detected without corresponding DNS query: 152.199.19.74
      Source: unknownTCP traffic detected without corresponding DNS query: 152.199.19.74
      Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cL3SfTB3m4YLydf&MD=8HgmYluO HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
      Source: global trafficHTTP traffic detected: GET /products/imbatch/thankyou HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /vi/m4a7nHpFuzw/0.jpg HTTP/1.1Host: img.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /imbatch/localized.svg HTTP/1.1Host: badges.crowdin.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /modules/system/system.base.css?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /modules/system/system.menus.css?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /modules/system/system.messages.css?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /modules/system/system.theme.css?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /modules/comment/comment.css?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /modules/field/theme/field.css?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /vi/gMkjyUNksR4/0.jpg HTTP/1.1Host: img.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /vi/vx4aQB92rWE/0.jpg HTTP/1.1Host: img.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /modules/node/node.css?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /modules/search/search.css?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /modules/user/user.css?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/modules/ctools/css/ctools.css?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /modules/locale/locale.css?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/libraries/superfish/css/superfish.css?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /vi/vx4aQB92rWE/0.jpg HTTP/1.1Host: img.youtube.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/libraries/superfish/style/coffee.css?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/style.css?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /misc/jquery.js?v=1.4.4 HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /misc/jquery-extend-3.4.0.js?v=1.4.4 HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /misc/jquery-html-prefilter-3.5.0-backport.js?v=1.4.4 HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /misc/jquery.once.js?v=1.2 HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /misc/drupal.js?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /misc/jquery-extend-3.4.0.js?v=1.4.4 HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/libraries/superfish/jquery.hoverIntent.minified.js?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/libraries/superfish/superfish.js?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/libraries/superfish/supersubs.js?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /misc/jquery-html-prefilter-3.5.0-backport.js?v=1.4.4 HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /misc/jquery.once.js?v=1.2 HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /upd/imbatch/version HTTP/1.1User-Agent: ImBatchUpdaterHost: www.highmotionsoftware.com
      Source: global trafficHTTP traffic detected: GET /sites/all/modules/superfish/superfish.js?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /misc/jquery.js?v=1.4.4 HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /a/banner/check.php?pid=110&b=762&l=0&f=n&ab=%3CClick%20to%20set%20your%20name%20here%3E&c=91DA9E9C&cid={DC960FFD-14A7-48B7-83D1-6FA0A6445A05}&rc=1&nocache=148 HTTP/1.1User-Agent: ImBatchHost: www.bolidesoft.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /upd/imbatch/url HTTP/1.1User-Agent: ImBatchUpdaterHost: www.highmotionsoftware.com
      Source: global trafficHTTP traffic detected: GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1Host: static.cloudflareinsights.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.highmotionsoftware.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.highmotionsoftware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2FImBatch&width=550&height=290&show_faces=true&colorscheme=light&stream=false&border_color&header=true&appId=254901247880888 HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.highmotionsoftware.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/img/content-wrapper.gif HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978oAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/img/navigation-wrapper-2.gif HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978oAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/libraries/superfish/images/arrows-ffffff.png HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/sites/all/libraries/superfish/css/superfish.css?s7978oAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/modules/languageicons/flags/ru.png HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/modules/languageicons/flags/en.png HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/img/header.gif HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978oAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/libraries/superfish/jquery.hoverIntent.minified.js?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /misc/drupal.js?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/libraries/superfish/superfish.js?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/libraries/superfish/supersubs.js?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/modules/superfish/superfish.js?s7978o HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1Host: static.cloudflareinsights.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yK/l/0,cross/O0Uz2Q0jyKe.css HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yw/r/u5OMVLVnVwH.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/y3/r/Vvet8_5H-wT.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3issO4/yc/l/en_US/YYUppJnv9Es.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3i7M54/yL/l/en_US/xKY8pb0-fD_.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /v/t39.30808-6/303280254_411128561164160_6605626465690304584_n.jpg?stp=dst-jpg_s526x395&_nc_cat=106&ccb=1-7&_nc_sid=4cb600&_nc_ohc=1I2yrbFI2LYQ7kNvgEsGWmR&_nc_ht=scontent-msp1-1.xx&edm=AEDRbFQEAAAA&_nc_gid=A4syIzp1y9Bx-a7cihdwta0&oh=00_AYCdJGOufY8qZigevwZ9U0PHjEqRvLbmQ_sPWeanTh1Z5w&oe=670A27D3 HTTP/1.1Host: scontent-msp1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yV/r/fZu5tZNIUeX.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/img/header-wrapper-2.gif HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978oAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/img/help.gif HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978oAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/img/navigation.gif HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978oAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/img/footer-wrapper.gif HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978oAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878
      Source: global trafficHTTP traffic detected: GET /sites/all/modules/languageicons/flags/ru.png HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878
      Source: global trafficHTTP traffic detected: GET /sites/all/modules/languageicons/flags/en.png HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/img/content-wrapper.gif HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/img/navigation-wrapper-2.gif HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878
      Source: global trafficHTTP traffic detected: GET /sites/all/libraries/superfish/images/arrows-ffffff.png HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/img/header.gif HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878
      Source: global trafficHTTP traffic detected: GET /v/t39.30808-6/303280254_411128561164160_6605626465690304584_n.jpg?stp=dst-jpg_s526x395&_nc_cat=106&ccb=1-7&_nc_sid=4cb600&_nc_ohc=1I2yrbFI2LYQ7kNvgEsGWmR&_nc_ht=scontent-msp1-1.xx&edm=AEDRbFQEAAAA&_nc_gid=A4syIzp1y9Bx-a7cihdwta0&oh=00_AYCdJGOufY8qZigevwZ9U0PHjEqRvLbmQ_sPWeanTh1Z5w&oe=670A27D3 HTTP/1.1Host: scontent-msp1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yF/r/p55HfXW__mM.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/y3/r/Vvet8_5H-wT.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/305658665_411128564497493_3948090867100769521_n.jpg?stp=cp0_dst-jpg_s50x50&_nc_cat=110&ccb=1-7&_nc_sid=6738e8&_nc_ohc=ILFttH4rPpYQ7kNvgEXQC67&_nc_ht=scontent-msp1-1.xx&edm=AEDRbFQEAAAA&_nc_gid=A4syIzp1y9Bx-a7cihdwta0&oh=00_AYA9WCkZOMo01cK7VhGgG8y9efecxW6MGJWI6xwYX39svg&oe=670A2166 HTTP/1.1Host: scontent-msp1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3issO4/yc/l/en_US/YYUppJnv9Es.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yV/r/fZu5tZNIUeX.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3i7M54/yL/l/en_US/xKY8pb0-fD_.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yw/r/u5OMVLVnVwH.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yF/r/p55HfXW__mM.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yw/r/UXtr_j2Fwe-.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://static.xx.fbcdn.net/rsrc.php/v3/yK/l/0,cross/O0Uz2Q0jyKe.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/img/help.gif HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878; _ga=GA1.1.2068184034.1728340878; _ga_DM0MT881VN=GS1.1.1728340877.1.0.1728340878.0.0.0
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/img/footer-wrapper.gif HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878; _ga=GA1.1.2068184034.1728340878; _ga_DM0MT881VN=GS1.1.1728340877.1.0.1728340878.0.0.0
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/img/header-wrapper-2.gif HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878; _ga=GA1.1.2068184034.1728340878; _ga_DM0MT881VN=GS1.1.1728340877.1.0.1728340878.0.0.0
      Source: global trafficHTTP traffic detected: GET /sites/all/themes/freshmade/img/navigation.gif HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878; _ga=GA1.1.2068184034.1728340878; _ga_DM0MT881VN=GS1.1.1728340877.1.0.1728340878.0.0.0
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yR/r/PNStWZQ9T-1.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/305658665_411128564497493_3948090867100769521_n.jpg?stp=cp0_dst-jpg_s50x50&_nc_cat=110&ccb=1-7&_nc_sid=6738e8&_nc_ohc=ILFttH4rPpYQ7kNvgEXQC67&_nc_ht=scontent-msp1-1.xx&edm=AEDRbFQEAAAA&_nc_gid=A4syIzp1y9Bx-a7cihdwta0&oh=00_AYA9WCkZOMo01cK7VhGgG8y9efecxW6MGJWI6xwYX39svg&oe=670A2166 HTTP/1.1Host: scontent-msp1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yw/r/UXtr_j2Fwe-.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yR/r/PNStWZQ9T-1.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /sites/default/files/favicon.ico HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highmotionsoftware.com/products/imbatch/thankyouAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878; _ga=GA1.1.2068184034.1728340878; _ga_DM0MT881VN=GS1.1.1728340877.1.0.1728340878.0.0.0
      Source: global trafficHTTP traffic detected: GET /sites/default/files/favicon.ico HTTP/1.1Host: www.highmotionsoftware.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878; _ga=GA1.1.2068184034.1728340878; _ga_DM0MT881VN=GS1.1.1728340877.1.0.1728340878.0.0.0
      Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cL3SfTB3m4YLydf&MD=8HgmYluO HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
      Source: global trafficHTTP traffic detected: GET /ajax/bz?__a=1&__ccg=GOOD&__dyn=7wKxa13wt8K2Wmh0Sw8W5U4e0yoW1DwfG1-wd-4o3Bw5VCwjE3awbG0MU2aw7Bx61vw5zw78w5Uw64w8W1uwc-0pa0h-0Lo6-0uS0ue0QU&__hs=20003.BP%3Aplugin_default_pkg.2.0..0.0&__hsi=7423167547787923565&__req=1&__rev=1017120959&__s=%3A%3Akwak1i&__sp=1&__user=0&dpr=1&jazoest=21864&lsd=zEMCM_Ae440ReJt2zgxGVr HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: &redirect_uri=fhttps://www.facebook.com/connect/login_success.html equals www.facebook.com (Facebook)
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: 3https://www.facebook.com/connect/login_success.html equals www.facebook.com (Facebook)
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: Vhttps://www.facebook.com/v3.2/dialog/oauth? equals www.facebook.com (Facebook)
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://www.facebook.com/ImBatchU equals www.facebook.com (Facebook)
      Source: global trafficDNS traffic detected: DNS query: www.highmotionsoftware.com
      Source: global trafficDNS traffic detected: DNS query: badges.crowdin.net
      Source: global trafficDNS traffic detected: DNS query: img.youtube.com
      Source: global trafficDNS traffic detected: DNS query: www.google.com
      Source: global trafficDNS traffic detected: DNS query: www.bolidesoft.com
      Source: global trafficDNS traffic detected: DNS query: static.cloudflareinsights.com
      Source: global trafficDNS traffic detected: DNS query: www.facebook.com
      Source: global trafficDNS traffic detected: DNS query: static.xx.fbcdn.net
      Source: global trafficDNS traffic detected: DNS query: scontent-msp1-1.xx.fbcdn.net
      Source: unknownHTTP traffic detected: POST /bc/put.php?v=1&pid=110&w=cd&cid={DC960FFD-14A7-48B7-83D1-6FA0A6445A05}&h=1a5f27020f5d05939025c0cc7616f480 HTTP/1.1Host: www.bolidesoft.com:443Content-Type: multipart/form-data; boundary=--------100724184117203Content-Length: 4272Connection: Keep-AliveCache-Control: no-cacheCookie: PHPSESSID=5af2178aef7e776b5dd854a267c1cd0f
      Source: ImBatch.exe, 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: ftp://swrinde.nde.swri.edu/pub/mng/documents/.See
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000517C000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: http://headhtml%.20s%ddefault%d%.20s
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000517C000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: http://medical.nema.org/.
      Source: ImBatch.exe, 00000004.00000002.3956213744.0000000002006000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: http://umich.edu/~shameem)
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.HighMotionSoftware.com/
      Source: ImBatch.exe, ImBatch.exe, 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmpString found in binary or memory: http://www.aiim.org/pdfa/ns/id/
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1444075146.0000000002580000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1682173621.0000000002207000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1450311174.0000000003510000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmp, is-8GFDD.tmp.2.drString found in binary or memory: http://www.eurekalog.com/help/eurekalog/internal_errors.phpEurekaLog
      Source: chromecache_296.9.drString found in binary or memory: http://www.google-analytics.com
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.highmotionsoftware.com/products/imbatch)
      Source: ImBatch.exe, 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: http://www.imagemagick.org
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.imagemagick.org/script/license.php
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.imagemagick.org/www/Notice.html.
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: http://www.imagemagick.org=h#
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: http://www.imagemagick.orgindex.htmlQ16ImageMagick
      Source: ImBatch.exe, 00000004.00000002.3954183742.00000000010AE000.00000020.00000001.01000000.00000007.sdmp, ImBatch.exe, 00000004.00000002.4004426872.00000000051EE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.indyproject.org/
      Source: ImBatch.exe, 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: http://www.libpng.org/
      Source: ImBatch.exe, 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: http://www.libpng.org/pub/mng/
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000517C000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: http://www.smtpe.org
      Source: ImBatch.exe, 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: http://www.wvware.com/
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000517C000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: http://www.wvware.com/c:
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000517C000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: http://www.wvware.com/libwmf:
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://crowdin.com/project/imbatchU
      Source: ImBatch.exe, 00000004.00000002.4015052342.0000000007B8C000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4015052342.0000000007BF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0
      Source: ImBatch.exe, 00000004.00000002.4015052342.0000000007B8C000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4015052342.0000000007BF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://icons8.ru/
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://imagemagick.org/script/download.php#windowsopen
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
      Source: chromecache_296.9.drString found in binary or memory: https://ssl.google-analytics.com
      Source: chromecache_296.9.drString found in binary or memory: https://ssl.google-analytics.com/j/__utm.gif
      Source: chromecache_296.9.drString found in binary or memory: https://stats.g.doubleclick.net/j/collect?
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.HighMotionSoftware.com)
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1682173621.000000000231C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.HighMotionSoftware.com/
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1450311174.0000000003510000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.HighMotionSoftware.com/$not
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1682173621.000000000231C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.HighMotionSoftware.com/)
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1444075146.0000000002580000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1450311174.0000000003510000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.HighMotionSoftware.com/Fhttps://www.HighMotionSoftware.com/Fhttps://www.HighMotionSoftwa
      Source: ImBatch.exe, 00000004.00000002.4039335647.00000000151FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bolidesoft.com/
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://www.bolidesoft.com/a/activate/activate.php?pid=110&kid=112&hw=
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://www.bolidesoft.com/a/banner/check.php?pid=110&b=
      Source: ImBatch.exe, 00000004.00000002.4015052342.0000000007BDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bolidesoft.com/a/banner/check.php?pid=110&b=762&l=0&f=n&ab=%3CClick%20to%20set%20your%20
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://www.bolidesoft.com/bc/put.php?v=1&pid=
      Source: ImBatch.exe, 00000004.00000002.3980972653.0000000002324000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4015052342.0000000007BF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bolidesoft.com/bc/put.php?v=1&pid=110&w=cd&cid=
      Source: ImBatch.exe, 00000004.00000002.4015052342.0000000007B6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://www.google-analytics.com/g/collect?v=2&tid=
      Source: ImBatch.exe, 00000004.00000002.4015052342.0000000007B3B000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4015052342.0000000007B6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/g/collect?v=2&tid=G-66RSDWSDJF&cid=%7BDC960FFD-14A7-48B7-83D1-6FA0A
      Source: chromecache_296.9.drString found in binary or memory: https://www.google.%/ads/ga-audiences?
      Source: chromecache_296.9.drString found in binary or memory: https://www.google.com/analytics/web/inpage/pub/inpage.js?
      Source: ImBatch.exe, 00000004.00000002.4039335647.00000000151FE000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4015052342.0000000007BF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/
      Source: ImBatch.exe, 00000004.00000002.4015052342.0000000007BF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/SP.dll1
      Source: ImBatch.exe, 00000004.00000002.4015052342.0000000007BF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/XK=h%
      Source: ImBatch.exe, 00000004.00000002.4035000015.0000000014674000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4039335647.00000000151E8000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4027221865.000000000F99D000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/download-center/imbatch
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://www.highmotionsoftware.com/help/imbatch/filter_taskU
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://www.highmotionsoftware.com/imb_order.php?LangID=
      Source: ImBatch.exe, 00000004.00000002.4015052342.0000000007BF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/ll
      Source: ImBatch.exe, 00000004.00000002.4015052342.0000000007B6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/lucent
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1625867605.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1626988732.0000000003D6E000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000002.1678242586.0000000003B71000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1450311174.0000000003510000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1626988732.0000000003D4D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/products/imbatch/thankyou
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1653547838.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1625867605.00000000009A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/products/imbatch/thankyou$
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1653547838.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1625867605.00000000009A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/products/imbatch/thankyou3
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000002.1670201560.0000000000918000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/products/imbatch/thankyou5
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616286651.00000000007D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/products/imbatch/thankyouC:
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000002.1678242586.0000000003B71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/products/imbatch/thankyouP
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000002.1678242586.0000000003B71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/products/imbatch/thankyouW
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1653547838.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1625867605.00000000009A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/products/imbatch/thankyoues
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1653547838.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1625867605.00000000009A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/products/imbatch/thankyougx
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000002.1678242586.0000000003B71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/products/imbatch/thankyoul
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000002.1678242586.0000000003B71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/products/imbatch/thankyous
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000002.1678242586.0000000003B71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/products/imbatch/thankyouu
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1450311174.0000000003510000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/products/imbatch/uninstall
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1444075146.0000000002580000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1682173621.00000000022C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1642823671.0000000002497000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1626988732.0000000003D2A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1626988732.0000000003D6E000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1450311174.0000000003510000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1626988732.0000000003D4D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/ru/products/imbatch/thankyou
      Source: ImBatch.exe, 00000004.00000002.4015052342.0000000007B3B000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmp, ImBatch.exe, 00000004.00000002.4007089513.0000000005630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/upd/imbatch/url
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://www.highmotionsoftware.com/upd/imbatch/urlU
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmp, ImBatch.exe, 00000004.00000002.4015052342.0000000007B6E000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4015052342.0000000007BF3000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4039335647.00000000151E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/upd/imbatch/version
      Source: ImBatch.exe, 00000004.00000002.4015052342.0000000007B6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/upd/imbatch/versionR
      Source: ImBatch.exe, 00000004.00000002.4037746737.0000000014E08000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/upd/imbatch/versiona
      Source: ImBatch.exe, 00000004.00000002.4015052342.0000000007BF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.highmotionsoftware.com/upd/imbatch/versionpp
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1446570727.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1445813136.00000000026C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000000.1448131608.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.innosetup.com/
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1446570727.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1445813136.00000000026C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000000.1448131608.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.remobjects.com/ps
      Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
      Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
      Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
      Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
      Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
      Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
      Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
      Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
      Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
      Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
      Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
      Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
      Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
      Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49676 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
      Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
      Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
      Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.8:49708 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.164.223:443 -> 192.168.2.8:49782 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.193.111.117:443 -> 192.168.2.8:49786 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49798 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49831 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.8:49885 version: TLS 1.2
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE3DCFE OpenClipboard,4_2_0EE3DCFE
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE3DDC2 SetClipboardData,4_2_0EE3DDC2
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE3DAA6 GetClipboardData,4_2_0EE3DAA6
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE85770 GetObjectW,GetDC,CreateCompatibleDC,CreateBitmap,CreateCompatibleBitmap,GetDeviceCaps,GetDeviceCaps,SelectObject,GetDIBColorTable,GetDIBits,SelectObject,CreateDIBSection,GetDIBits,SelectObject,SelectPalette,RealizePalette,FillRect,SetTextColor,SetBkColor,SetDIBColorTable,PatBlt,CreateCompatibleDC,SelectObject,SelectPalette,RealizePalette,SetTextColor,SetBkColor,BitBlt,SelectPalette,SelectObject,DeleteDC,SelectPalette,4_2_0EE85770
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE3DB16 GetKeyboardState,4_2_0EE3DB16

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: 00000004.00000002.3980690776.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_a7da40b7 Author: unknown
      Source: 00000004.00000002.3980029463.00000000020F8000.00000040.00000001.01000000.00000007.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_a7da40b7 Author: unknown
      Source: 00000004.00000002.3980029463.00000000020F8000.00000040.00000001.01000000.00000007.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_d4b38e13 Author: unknown
      PE file has nameless sections
      Source: is-AVM6R.tmp.2.drStatic PE information: section name:
      Source: is-AVM6R.tmp.2.drStatic PE information: section name:
      Source: is-AVM6R.tmp.2.drStatic PE information: section name:
      Source: is-AVM6R.tmp.2.drStatic PE information: section name:
      Source: is-AVM6R.tmp.2.drStatic PE information: section name:
      Source: is-AVM6R.tmp.2.drStatic PE information: section name:
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess Stats: CPU usage > 49%
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeMemory allocated: 769B0000 page read and writeJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeMemory allocated: 756F0000 page read and writeJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeMemory allocated: 775A0000 page read and writeJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_058939D44_2_058939D4
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_058963904_2_05896390
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_05891E644_2_05891E64
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0F018C5C4_2_0F018C5C
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0F0111B84_2_0F0111B8
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EFCFFA04_2_0EFCFFA0
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EF1EF884_2_0EF1EF88
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EFFBF604_2_0EFFBF60
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0F089EE04_2_0F089EE0
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EF22F0C4_2_0EF22F0C
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE38CB44_2_0EE38CB4
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0F069D784_2_0F069D78
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0F06BC304_2_0F06BC30
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0F030C704_2_0F030C70
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0F095BC04_2_0F095BC0
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EF236504_2_0EF23650
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE337044_2_0EE33704
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EFDC4044_2_0EFDC404
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EF242E84_2_0EF242E8
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE8B2984_2_0EE8B298
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE8A25C4_2_0EE8A25C
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EF243D44_2_0EF243D4
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EF2339C4_2_0EF2339C
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EFCC3804_2_0EFCC380
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0F0011AC4_2_0F0011AC
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0F06B05C4_2_0F06B05C
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_100299B04_2_100299B0
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_1001B1C04_2_1001B1C0
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_102301E94_2_102301E9
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_100ECA604_2_100ECA60
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_10019A804_2_10019A80
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_100292D44_2_100292D4
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_100292F34_2_100292F3
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_10228B354_2_10228B35
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_10021B204_2_10021B20
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_1004D3804_2_1004D380
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_1006ABB04_2_1006ABB0
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_100184F04_2_100184F0
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_100205104_2_10020510
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_100175704_2_10017570
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_100EC5904_2_100EC590
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_10058E504_2_10058E50
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_10054EC04_2_10054EC0
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_100167304_2_10016730
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_10051FB04_2_10051FB0
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5D4DDB4_2_6C5D4DDB
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5CD5A74_2_6C5CD5A7
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5C30504_2_6C5C3050
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5C52404_2_6C5C5240
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5FC4C04_2_6C5FC4C0
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C62A4C04_2_6C62A4C0
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5FBCE04_2_6C5FBCE0
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C618CB04_2_6C618CB0
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_058940904_2_05894090
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_05894E5C4_2_05894E5C
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: String function: 102247E9 appears 65 times
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: String function: 10001A60 appears 99 times
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: String function: 102235B0 appears 66 times
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: String function: 10005640 appears 79 times
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: String function: 10004E10 appears 83 times
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: String function: 10001B20 appears 151 times
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: String function: 10229110 appears 38 times
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: String function: 0EE690D4 appears 56 times
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: String function: 6C5CCE50 appears 33 times
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: String function: 0EE353D8 appears 56 times
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: String function: 10004A10 appears 278 times
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: String function: 0589B59C appears 70 times
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: String function: 10007FA0 appears 196 times
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
      Source: is-3GFF4.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
      Source: is-AVM6R.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
      Source: is-AVM6R.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: COM executable for DOS
      Source: is-GR2NP.tmp.2.drStatic PE information: Number of sections : 11 > 10
      Source: is-8GFDD.tmp.2.drStatic PE information: Number of sections : 11 > 10
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1445813136.00000000029A9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000000.1443528355.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1446570727.000000007FE15000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1682173621.00000000022E8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeBinary or memory string: OriginalFileName vs SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
      Source: 00000004.00000002.3980690776.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_a7da40b7 reference_sample = 2fb7241ffdfa7525f125e6d7b18e895cfb512ebb6905d056dbe7d76e8d6df806, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 62a62ede10d977582329b3daaa80b0b64576add77736135bac97d3a3eb6de558, id = a7da40b7-63cc-4456-a592-0485932092d5, last_modified = 2022-04-12
      Source: 00000004.00000002.3980029463.00000000020F8000.00000040.00000001.01000000.00000007.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_a7da40b7 reference_sample = 2fb7241ffdfa7525f125e6d7b18e895cfb512ebb6905d056dbe7d76e8d6df806, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 62a62ede10d977582329b3daaa80b0b64576add77736135bac97d3a3eb6de558, id = a7da40b7-63cc-4456-a592-0485932092d5, last_modified = 2022-04-12
      Source: 00000004.00000002.3980029463.00000000020F8000.00000040.00000001.01000000.00000007.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_d4b38e13 reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = c91f97a7e609d8138f8c5c7dd66cf675b1b3762f26baa5bf983ee212011b99cb, id = d4b38e13-1439-4549-ba90-0b4a8ed57fb3, last_modified = 2022-04-12
      Source: is-AVM6R.tmp.2.drStatic PE information: Section: ZLIB complexity 0.9994049669600075
      Source: is-8GFDD.tmp.2.drBinary string: \Device\Video0
      Source: classification engineClassification label: sus30.evad.winEXE@21/377@32/17
      Source: is-MOFJV.tmp.2.drInitial sample: http://www.highmotionsoftware.com/products/imbatch
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE8105C GetLastError,FormatMessageW,4_2_0EE8105C
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE3D25A GetDiskFreeSpaceW,4_2_0EE3D25A
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE3D46E SizeofResource,4_2_0EE3D46E
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatchJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeMutant created: NULL
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeMutant created: \Sessions\1\BaseNamedObjects\imbatch_update
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeFile created: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmpJump to behavior
      Source: Yara matchFile source: C:\Program Files (x86)\ImBatch\is-8GFDD.tmp, type: DROPPED
      Source: Yara matchFile source: C:\Program Files (x86)\ImBatch\is-GR2NP.tmp, type: DROPPED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile read: C:\Program Files (x86)\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeString found in binary or memory: /LOADINF="filename"
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe"
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeProcess created: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp "C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp" /SL5="$1040C,24100606,908800,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess created: C:\Program Files (x86)\ImBatch\ImBatch.exe "C:\Program Files (x86)\ImBatch\ImBatch.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.highmotionsoftware.com/products/imbatch/thankyou
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2436,i,14634067751005810082,15773404869222309641,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeProcess created: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp "C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp" /SL5="$1040C,24100606,908800,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe" Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess created: C:\Program Files (x86)\ImBatch\ImBatch.exe "C:\Program Files (x86)\ImBatch\ImBatch.exe"Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.highmotionsoftware.com/products/imbatch/thankyouJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2436,i,14634067751005810082,15773404869222309641,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeSection loaded: netapi32.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: mpr.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: version.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: netapi32.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: wtsapi32.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: winsta.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: textinputframework.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: rstrtmgr.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: textshaping.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: dwmapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: explorerframe.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: sfc.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: sfc_os.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: linkinfo.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: ntshrui.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: cscapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: ieframe.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: wkscli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: edputil.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: secur32.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: mlang.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: policymanager.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: version.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: avifil32.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: msvfw32.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: msacm32.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: winmm.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: winmm.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: winmmbase.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: winmmbase.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: oleacc.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: jpeg62.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: wsock32.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: pspihost.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: wtsapi32.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: winsta.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: windowscodecs.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: olepro32.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: security.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: directxtex.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: idndl.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: libheif.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: libde265.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: core_rl_wand_.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: core_rl_magickwand_.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: textshaping.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: mscms.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: coloradapterclient.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: dciman32.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: wpdfview03.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: msimg32.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: wpdecodejp.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: thumbcache.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: ieframe.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: netapi32.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: dataexchange.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: d3d11.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: dcomp.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: dxgi.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: twinapi.appcore.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: textinputframework.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: dwmapi.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
      Source: ImBatch (32-bit).lnk.2.drLNK file: ..\..\..\..\..\..\..\Program Files (x86)\ImBatch\ImBatch.exe
      Source: Image Monitor (32-bit).lnk.2.drLNK file: ..\..\..\..\..\..\..\Program Files (x86)\ImBatch\ImageMonitor.exe
      Source: Context Menu Editor (32-bit).lnk.2.drLNK file: ..\..\..\..\..\..\..\Program Files (x86)\ImBatch\ContextMenuEditor.exe
      Source: Uninstall ImBatch (32-bit).lnk.2.drLNK file: ..\..\..\..\..\..\..\Program Files (x86)\ImBatch\unins000.exe
      Source: ImBatch (32-bit).lnk0.2.drLNK file: ..\..\..\Program Files (x86)\ImBatch\ImBatch.exe
      Source: Google Drive.lnk.7.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: YouTube.lnk.7.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Sheets.lnk.7.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Gmail.lnk.7.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Slides.lnk.7.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Docs.lnk.7.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpWindow found: window name: TMainFormJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpAutomated click: Next
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpAutomated click: Next
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpAutomated click: Next
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpAutomated click: Next
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeStatic PE information: certificate valid
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeStatic file information: File size 25216120 > 1048576
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Binary string: D:\Develop\VisualStudio\DirectXTex\DirectXTex-master\DirectXTex\Bin\Desktop_2017\Win32\Release\DirectXTex.pdb source: ImBatch.exe, 00000004.00000002.4048877363.000000006E6A2000.00000002.00000001.01000000.0000000E.sdmp
      Source: Binary string: D:\Develop\VisualStudio\heif\Release\heif.pdb source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000002.1668038621.000000000018C000.00000004.00000010.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4049911354.000000006EB0F000.00000002.00000001.01000000.00000012.sdmp
      Source: Binary string: {D:\Develop\VisualStudio\DirectXTex\DirectXTex-master\DirectXTex\Bin\Desktop_2017\Win32\Release\DirectXTex.pdb source: ImBatch.exe, 00000004.00000002.4048877363.000000006E6A2000.00000002.00000001.01000000.0000000E.sdmp
      Source: Binary string: D:\Delphi Projects\ImBatchContextMenu\x64\Release\ImBatchContextMenuHandler-x64.pdb source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: D:\Delphi Projects\ImBatchContextMenu\Release\ImBatchContextMenuHandler.pdb! source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: YD:\Delphi Projects\ImBatchContextMenu\x64\Release\ImBatchContextMenuHandler-x64.pdb source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: D:\Develop\VisualStudio\webp\Output\Win32\Release\webp.pdb source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4048026498.000000006D4B1000.00000002.00000001.01000000.00000011.sdmp
      Source: Binary string: D:\Delphi Projects\PhotoshopHost\pspiHost\Out\Win32\Release\pspiHost.pdb source: ImBatch.exe, 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmp
      Source: Binary string: D:\Delphi Projects\ImBatchContextMenu\Release\ImBatchContextMenuHandler.pdb source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_102331ED LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_102331ED
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeStatic PE information: section name: .didata
      Source: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp.0.drStatic PE information: section name: .didata
      Source: is-3GFF4.tmp.2.drStatic PE information: section name: .didata
      Source: is-8GFDD.tmp.2.drStatic PE information: section name: .didata
      Source: is-GR2NP.tmp.2.drStatic PE information: section name: .didata
      Source: is-AVM6R.tmp.2.drStatic PE information: section name:
      Source: is-AVM6R.tmp.2.drStatic PE information: section name:
      Source: is-AVM6R.tmp.2.drStatic PE information: section name:
      Source: is-AVM6R.tmp.2.drStatic PE information: section name:
      Source: is-AVM6R.tmp.2.drStatic PE information: section name:
      Source: is-AVM6R.tmp.2.drStatic PE information: section name:
      Source: is-FNB5F.tmp.2.drStatic PE information: section name: _RDATA
      Source: is-LKQB2.tmp.2.drStatic PE information: section name: .didata
      Source: is-OHCKU.tmp.2.drStatic PE information: section name: _RDATA
      Source: is-99KO6.tmp.2.drStatic PE information: section name: _RDATA
      Source: is-HNP1I.tmp.2.drStatic PE information: section name: _RDATA
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_058911C2 push 00000BADh; ret 4_2_058911CE
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0589CCAC push eax; ret 4_2_0589CD95
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE43E68 push ecx; mov dword ptr [esp], ecx4_2_0EE43E6D
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EEE8CA4 push ecx; mov dword ptr [esp], edx4_2_0EEE8CA8
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EF3EC48 push 0EF3ECEAh; ret 4_2_0EF3ECE2
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EFCEC3C push ecx; mov dword ptr [esp], edx4_2_0EFCEC41
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE71DB0 push ecx; mov dword ptr [esp], ecx4_2_0EE71DB3
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EFCED40 push ecx; mov dword ptr [esp], edx4_2_0EFCED45
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0F095BC0 push 0F097BAAh; ret 4_2_0F097BA2
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE38BC8 push ecx; mov dword ptr [esp], eax4_2_0EE38BC9
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EFCD8E0 push ecx; mov dword ptr [esp], edx4_2_0EFCD8E5
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE3B508 push 0EE3B577h; ret 4_2_0EE3B56F
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE6B374 push ecx; mov dword ptr [esp], edx4_2_0EE6B376
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE351A4 push eax; ret 4_2_0EE351E0
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0F0A308C push 0F0A31C0h; ret 4_2_0F0A31B8
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_1022914B push ecx; ret 4_2_1022915B
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_100272C0 push E8511024h; ret 4_2_100272D9
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_102235B0 push eax; ret 4_2_102235C4
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_102235B0 push eax; ret 4_2_102235EC
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5CCE96 push ecx; ret 4_2_6C5CCEA9
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5C3960 push ecx; mov dword ptr [esp], 00000000h4_2_6C5C7481
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C63AC76 push ecx; ret 4_2_6C63AC89
      Source: is-AVM6R.tmp.2.drStatic PE information: section name: entropy: 7.996801480815236
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\Plugins\heif\heif.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-4IE2K.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-Q6F2H.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\ImBatchExtra.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-187E4.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-LD7EM.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-99KO6.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\ImBatchFormats.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-LHMKI.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-OHCKU.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\ImBatchContextMenuHandler.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-3GFF4.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\ImBatchOpenCV.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\Plugins\webp\webp.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-9K996.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\Plugins\heif\is-A1M78.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\tbb.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Users\user\AppData\Local\Temp\is-AUHB1.tmp\_isetup\_setup64.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\Plugins\jbig\jbiglib.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-J21TG.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\wp_type1ttf.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\potrace.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\Plugins\jbig\is-9AH33.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-GR2NP.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\Plugins\imagemagick\imagemagick.dll (copy)Jump to dropped file
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeFile created: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-27TQD.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\wPDFView03.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-7C04I.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\Plugins\imagemagick\is-1E3EV.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-LKQB2.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\jpeg62.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\libde265.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\pspiHost.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-FBACC.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\ImBatch.exe (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\ContextMenuEditor.exe (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-FNB5F.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-C4JUH.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-8GFDD.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-7HQ59.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\DirectXTex.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\ImageMonitor.exe (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\ssleay32.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\Plugins\webp\is-HNP1I.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\ielib32.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\ImBatchContextMenuHandler-X64.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-00VUD.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-UGCE9.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\libheif.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\unins000.exe (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\libeay32.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\is-AVM6R.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\Program Files (x86)\ImBatch\zlib1.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High Motion SoftwareJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High Motion Software\ImBatch (32-bit)Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High Motion Software\ImBatch (32-bit)\ImBatch (32-bit).lnkJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High Motion Software\ImBatch (32-bit)\Image Monitor (32-bit).lnkJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High Motion Software\ImBatch (32-bit)\Context Menu Editor (32-bit).lnkJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High Motion Software\ImBatch (32-bit)\ImBatch (32-bit) on the Web.urlJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High Motion Software\ImBatch (32-bit)\Uninstall ImBatch (32-bit).lnkJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE3DC66 IsIconic,4_2_0EE3DC66
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5CD5A7 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_6C5CD5A7
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
      Source: ImBatch.exe, 00000004.00000002.3934986180.000000000054C000.00000020.00000001.01000000.00000007.sdmp, is-8GFDD.tmp.2.drBinary or memory string: SBIEDLL.DLL
      Tries to evade debugger and weak emulator (self modifying code)
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeSpecial instruction interceptor: First address: 210D3BA instructions caused by: Self-modifying code
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeWindow / User API: threadDelayed 3893Jump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeWindow / User API: threadDelayed 2295Jump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeWindow / User API: threadDelayed 2509Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\Plugins\heif\heif.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-Q6F2H.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-4IE2K.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\ImBatchExtra.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-7C04I.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-187E4.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-LD7EM.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\Plugins\imagemagick\is-1E3EV.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-99KO6.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\ImBatchFormats.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-LHMKI.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-OHCKU.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-LKQB2.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\ImBatchContextMenuHandler.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-3GFF4.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\ImBatchOpenCV.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-FBACC.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\ContextMenuEditor.exe (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\Plugins\webp\webp.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-FNB5F.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-C4JUH.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-8GFDD.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-9K996.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-7HQ59.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\Plugins\heif\is-A1M78.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\tbb.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\ImageMonitor.exe (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\Plugins\jbig\jbiglib.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-AUHB1.tmp\_isetup\_setup64.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\ssleay32.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\ImBatchContextMenuHandler-X64.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\Plugins\webp\is-HNP1I.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\ielib32.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-J21TG.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-00VUD.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-UGCE9.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\wp_type1ttf.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\potrace.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\unins000.exe (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\Plugins\jbig\is-9AH33.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\Plugins\imagemagick\imagemagick.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-GR2NP.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\libeay32.dll (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\is-27TQD.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpDropped PE file which has not been started: C:\Program Files (x86)\ImBatch\zlib1.dll (copy)Jump to dropped file
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeAPI coverage: 3.9 %
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exe TID: 7536Thread sleep time: -77860s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exe TID: 7556Thread sleep time: -918000s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exe TID: 7556Thread sleep time: -1003600s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809Jump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809Jump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809Jump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809Jump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeThread sleep count: Count: 3893 delay: -20Jump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE3A3CC FindFirstFileW,FindClose,4_2_0EE3A3CC
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE39E64 GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW,4_2_0EE39E64
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE44A84 FindFirstFileW,FindClose,4_2_0EE44A84
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_1023590A FindFirstFileA,_strlen,GetDriveTypeA,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,4_2_1023590A
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_1000D580 FindFirstFileA,FindFirstFileA,FindFirstFileA,4_2_1000D580
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5D28DF FindFirstFileExW,4_2_6C5D28DF
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5CD344 FindFirstFileExW,__Read_dir,FindClose,std::tr2::sys::_Strcpy,4_2_6C5CD344
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE3B08A GetSystemInfo,4_2_0EE3B08A
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: VMware
      Source: ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: GetVirtualMachine
      Source: is-8GFDD.tmp.2.drBinary or memory string: VMWare GSX
      Source: ImBatch.exe, 00000004.00000002.4015052342.0000000007B8C000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.3980972653.0000000002324000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: is-8GFDD.tmp.2.drBinary or memory string: VMWare ESX
      Source: is-8GFDD.tmp.2.drBinary or memory string: VMWareU
      Source: is-8GFDD.tmp.2.drBinary or memory string: vboxservice.exe
      Source: is-8GFDD.tmp.2.drBinary or memory string: VMWare Express
      Source: is-8GFDD.tmp.2.drBinary or memory string: VMWare Workstation
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeAPI call chain: ExitProcess graph end nodegraph_4-69603
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess information queried: ProcessInformationJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0EE3D3FE IsDebuggerPresent,4_2_0EE3D3FE
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_102331ED LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_102331ED
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5D24EB mov eax, dword ptr fs:[00000030h]4_2_6C5D24EB
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5D0CA3 mov eax, dword ptr fs:[00000030h]4_2_6C5D0CA3
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_058911CF GetProcessHeap,HeapAlloc,4_2_058911CF
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5CCCC9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6C5CCCC9
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5D0504 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6C5D0504
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5CC6B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_6C5CC6B7
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.highmotionsoftware.com/products/imbatch/thankyouJump to behavior
      Source: is-8GFDD.tmp.2.drBinary or memory string: Shell_TrayWndTrayNotifyWndU
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_6C5CCEAB cpuid 4_2_6C5CCEAB
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,4_2_0EE3A4B4
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_0EE399FC
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: GetLocaleInfoW,4_2_0EE3D28A
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: _strlen,_strlen,EnumSystemLocalesA,4_2_1022BAFA
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: _strlen,EnumSystemLocalesA,4_2_1022BAC3
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: _strlen,EnumSystemLocalesA,4_2_1022BB80
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: GetLocaleInfoA,_TranslateName,_TranslateName,IsValidCodePage,IsValidLocale,4_2_1022BBD5
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmpQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_0589B5FC GetLocalTime,wsprintfA,4_2_0589B5FC
      Source: C:\Program Files (x86)\ImBatch\ImBatch.exeCode function: 4_2_058910CD GetVersion,4_2_058910CD

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire Infrastructure1
      Drive-by Compromise      		1
      Native API      		1
      DLL Side-Loading      		1
      DLL Side-Loading      		1
      Deobfuscate/Decode Files or Information      		11
      Input Capture      		1
      System Time Discovery      		Remote Services1
      Archive Collected Data      		1
      Ingress Tool Transfer      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomains1
      Spearphishing Link      		2
      Command and Scripting Interpreter      		1
      Registry Run Keys / Startup Folder      		12
      Process Injection      		4
      Obfuscated Files or Information      		LSASS Memory2
      File and Directory Discovery      		Remote Desktop Protocol1
      Screen Capture      		11
      Encrypted Channel      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
      Registry Run Keys / Startup Folder      		2
      Software Packing      		Security Account Manager145
      System Information Discovery      		SMB/Windows Admin Shares11
      Input Capture      		3
      Non-Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
      DLL Side-Loading      		NTDS1
      Query Registry      		Distributed Component Object Model3
      Clipboard Data      		4
      Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
      Masquerading      		LSA Secrets221
      Security Software Discovery      		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
      Virtualization/Sandbox Evasion      		Cached Domain Credentials2
      Virtualization/Sandbox Evasion      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
      Process Injection      		DCSync2
      Process Discovery      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem11
      Application Window Discovery      		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow2
      System Owner/User Discovery      		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1528522 Sample: SecuriteInfo.com.Trojan.Win... Startdate: 08/10/2024 Architecture: WINDOWS Score: 30 34 www.bolidesoft.com 2->34 36 www.highmotionsoftware.com 2->36 38 bolidesoft.com 2->38 58 Malicious sample detected (through community Yara rule) 2->58 60 PE file has nameless sections 2->60 62 Tries to evade debugger and weak emulator (self modifying code) 2->62 9 SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe 2 2->9         started        signatures3 process4 file5 24 SecuriteInfo.com.T...rypt.12164.3161.tmp, PE32 9->24 dropped 12 SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp 32 154 9->12         started        process6 file7 26 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 12->26 dropped 28 C:\Program Files (x86)\...\zlib1.dll (copy), PE32 12->28 dropped 30 C:\...\wp_type1ttf.dll (copy), PE32 12->30 dropped 32 50 other files (none is malicious) 12->32 dropped 15 ImBatch.exe 2 31 12->15         started        19 chrome.exe 9 12->19         started        process8 dnsIp9 46 bolidesoft.com 104.193.111.117, 443, 49786, 49810 PRIVATESYSTEMSUS United States 15->46 48 172.67.164.223, 443, 49782, 49787 CLOUDFLARENETUS United States 15->48 56 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 15->56 50 192.168.2.5 unknown unknown 19->50 52 192.168.2.6 unknown unknown 19->52 54 3 other IPs or domains 19->54 21 chrome.exe 19->21         started        signatures10 process11 dnsIp12 40 www.facebook.com 21->40 42 static.xx.fbcdn.net 21->42 44 12 other IPs or domains 21->44

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe3%ReversingLabs

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Program Files (x86)\ImBatch\ContextMenuEditor.exe (copy)8%ReversingLabs
      C:\Program Files (x86)\ImBatch\DirectXTex.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\ImBatch.exe (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\ImBatchContextMenuHandler-X64.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\ImBatchContextMenuHandler.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\ImBatchExtra.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\ImBatchFormats.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\ImBatchOpenCV.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\ImageMonitor.exe (copy)3%ReversingLabs
      C:\Program Files (x86)\ImBatch\Plugins\heif\heif.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\Plugins\heif\is-A1M78.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\Plugins\imagemagick\imagemagick.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\Plugins\imagemagick\is-1E3EV.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\Plugins\jbig\is-9AH33.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\Plugins\jbig\jbiglib.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\Plugins\webp\is-HNP1I.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\Plugins\webp\webp.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\ielib32.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-00VUD.tmp2%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-187E4.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-27TQD.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-3GFF4.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-4IE2K.tmp5%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-7C04I.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-7HQ59.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-8GFDD.tmp3%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-99KO6.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-9K996.tmp2%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-AVM6R.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-C4JUH.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-FBACC.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-FNB5F.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-GR2NP.tmp8%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-J21TG.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-LD7EM.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-LHMKI.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-LKQB2.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-OHCKU.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-Q6F2H.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\is-UGCE9.tmp0%ReversingLabs
      C:\Program Files (x86)\ImBatch\jpeg62.dll (copy)5%ReversingLabs
      C:\Program Files (x86)\ImBatch\libde265.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\libeay32.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\libheif.dll (copy)2%ReversingLabs
      C:\Program Files (x86)\ImBatch\potrace.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\pspiHost.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\ssleay32.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\tbb.dll (copy)2%ReversingLabs
      C:\Program Files (x86)\ImBatch\unins000.exe (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\wPDFView03.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\wp_type1ttf.dll (copy)0%ReversingLabs
      C:\Program Files (x86)\ImBatch\zlib1.dll (copy)0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\is-AUHB1.tmp\_isetup\_setup64.tmp0%ReversingLabs

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c12417176891760150%URL Reputationsafe
      http://www.indyproject.org/0%URL Reputationsafe
      https://www.remobjects.com/ps0%URL Reputationsafe
      https://www.innosetup.com/0%URL Reputationsafe
      https://stats.g.doubleclick.net/j/collect?0%URL Reputationsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      bolidesoft.com
      		104.193.111.117
      		truefalse
        		unknown
        star-mini.c10r.facebook.com
        		157.240.251.35
        		truefalse
          		unknown
          scontent.xx.fbcdn.net
          		157.240.251.9
          		truefalse
            		unknown
            static.cloudflareinsights.com
            		104.16.79.73
            		truefalse
              		unknown
              d322cqt584bo4o.cloudfront.net
              		13.32.27.32
              		truefalse
                		unknown
                www.google.com
                		142.250.186.68
                		truefalse
                  		unknown
                  www.highmotionsoftware.com
                  		104.21.11.4
                  		truefalse
                    		unknown
                    scontent-msp1-1.xx.fbcdn.net
                    		157.240.26.27
                    		truefalse
                      		unknown
                      ytimg.l.google.com
                      		142.250.186.78
                      		truefalse
                        		unknown
                        img.youtube.com
                        		unknown
                        		unknowntrue
                          		unknown
                          www.facebook.com
                          		unknown
                          		unknowntrue
                            		unknown
                            www.bolidesoft.com
                            		unknown
                            		unknowntrue
                              		unknown
                              badges.crowdin.net
                              		unknown
                              		unknowntrue
                                		unknown
                                static.xx.fbcdn.net
                                		unknown
                                		unknowntrue
                                  		unknown

                                  Contacted URLs

                                  NameMaliciousAntivirus DetectionReputation
                                  https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015false
                                  • URL Reputation: safe
                                  		unknown
                                  https://www.highmotionsoftware.com/sites/all/modules/languageicons/flags/ru.pngfalse
                                    		unknown
                                    https://static.xx.fbcdn.net/rsrc.php/v3/yK/l/0,cross/O0Uz2Q0jyKe.cssfalse
                                      		unknown
                                      https://www.highmotionsoftware.com/sites/all/themes/freshmade/img/content-wrapper.giffalse
                                        		unknown
                                        https://static.xx.fbcdn.net/rsrc.php/v3/yR/r/PNStWZQ9T-1.jsfalse
                                          		unknown
                                          https://www.highmotionsoftware.com/sites/all/modules/languageicons/flags/en.pngfalse
                                            		unknown
                                            https://www.highmotionsoftware.com/modules/system/system.theme.css?s7978ofalse
                                              		unknown
                                              https://www.highmotionsoftware.com/modules/system/system.menus.css?s7978ofalse
                                                		unknown
                                                https://www.bolidesoft.com/a/banner/check.php?pid=110&b=762&l=0&f=n&ab=%3CClick%20to%20set%20your%20name%20here%3E&c=91DA9E9C&cid={DC960FFD-14A7-48B7-83D1-6FA0A6445A05}&rc=1&nocache=148false
                                                  		unknown
                                                  https://img.youtube.com/vi/m4a7nHpFuzw/0.jpgfalse
                                                    		unknown
                                                    https://www.highmotionsoftware.com/sites/all/libraries/superfish/images/arrows-ffffff.pngfalse
                                                      		unknown
                                                      https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.jsfalse
                                                        		unknown
                                                        https://www.highmotionsoftware.com/cdn-cgi/rum?false
                                                          		unknown
                                                          https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.pngfalse
                                                            		unknown
                                                            https://www.highmotionsoftware.com/sites/default/files/favicon.icofalse
                                                              		unknown
                                                              https://www.highmotionsoftware.com/modules/locale/locale.css?s7978ofalse
                                                                		unknown
                                                                https://www.highmotionsoftware.com/sites/all/modules/ctools/css/ctools.css?s7978ofalse
                                                                  		unknown
                                                                  https://www.highmotionsoftware.com/misc/jquery-html-prefilter-3.5.0-backport.js?v=1.4.4false
                                                                    		unknown
                                                                    https://www.highmotionsoftware.com/misc/jquery.once.js?v=1.2false
                                                                      		unknown
                                                                      https://www.highmotionsoftware.com/upd/imbatch/urlfalse
                                                                        		unknown
                                                                        https://static.xx.fbcdn.net/rsrc.php/v3issO4/yc/l/en_US/YYUppJnv9Es.jsfalse
                                                                          		unknown
                                                                          https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/u5OMVLVnVwH.jsfalse
                                                                            		unknown
                                                                            https://static.xx.fbcdn.net/rsrc.php/v3/y3/r/Vvet8_5H-wT.jsfalse
                                                                              		unknown
                                                                              https://www.bolidesoft.com:443/bc/put.php?v=1&pid=110&w=cd&cid={DC960FFD-14A7-48B7-83D1-6FA0A6445A05}&h=1a5f27020f5d05939025c0cc7616f480false
                                                                                		unknown
                                                                                https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978ofalse
                                                                                  		unknown
                                                                                  https://www.highmotionsoftware.com/sites/all/libraries/superfish/style/coffee.css?s7978ofalse
                                                                                    		unknown
                                                                                    https://www.highmotionsoftware.com/sites/all/themes/freshmade/img/footer-wrapper.giffalse
                                                                                      		unknown
                                                                                      https://www.highmotionsoftware.com/sites/all/libraries/superfish/superfish.js?s7978ofalse
                                                                                        		unknown
                                                                                        https://www.highmotionsoftware.com/modules/system/system.base.css?s7978ofalse
                                                                                          		unknown
                                                                                          https://www.highmotionsoftware.com/upd/imbatch/versionfalse
                                                                                            		unknown
                                                                                            https://www.highmotionsoftware.com/sites/all/themes/freshmade/img/navigation-wrapper-2.giffalse
                                                                                              		unknown
                                                                                              https://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2FImBatch&width=550&height=290&show_faces=true&colorscheme=light&stream=false&border_color&header=true&appId=254901247880888false
                                                                                                		unknown
                                                                                                https://www.highmotionsoftware.com/modules/user/user.css?s7978ofalse
                                                                                                  		unknown
                                                                                                  https://www.highmotionsoftware.com/modules/system/system.messages.css?s7978ofalse
                                                                                                    		unknown
                                                                                                    https://www.facebook.com/ajax/bz?__a=1&__ccg=GOOD&__dyn=7wKxa13wt8K2Wmh0Sw8W5U4e0yoW1DwfG1-wd-4o3Bw5VCwjE3awbG0MU2aw7Bx61vw5zw78w5Uw64w8W1uwc-0pa0h-0Lo6-0uS0ue0QU&__hs=20003.BP%3Aplugin_default_pkg.2.0..0.0&__hsi=7423167547787923565&__req=1&__rev=1017120959&__s=%3A%3Akwak1i&__sp=1&__user=0&dpr=1&jazoest=21864&lsd=zEMCM_Ae440ReJt2zgxGVrfalse
                                                                                                      		unknown
                                                                                                      https://www.highmotionsoftware.com/sites/all/libraries/superfish/css/superfish.css?s7978ofalse
                                                                                                        		unknown
                                                                                                        https://www.highmotionsoftware.com/modules/field/theme/field.css?s7978ofalse
                                                                                                          		unknown
                                                                                                          https://img.youtube.com/vi/gMkjyUNksR4/0.jpgfalse
                                                                                                            		unknown
                                                                                                            https://scontent-msp1-1.xx.fbcdn.net/v/t39.30808-1/305658665_411128564497493_3948090867100769521_n.jpg?stp=cp0_dst-jpg_s50x50&_nc_cat=110&ccb=1-7&_nc_sid=6738e8&_nc_ohc=ILFttH4rPpYQ7kNvgEXQC67&_nc_ht=scontent-msp1-1.xx&edm=AEDRbFQEAAAA&_nc_gid=A4syIzp1y9Bx-a7cihdwta0&oh=00_AYA9WCkZOMo01cK7VhGgG8y9efecxW6MGJWI6xwYX39svg&oe=670A2166false
                                                                                                              		unknown
                                                                                                              https://www.highmotionsoftware.com/sites/all/libraries/superfish/supersubs.js?s7978ofalse
                                                                                                                		unknown

                                                                                                                URLs from Memory and Binaries

                                                                                                                NameSourceMaliciousAntivirus DetectionReputation
                                                                                                                https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUSecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exefalse
                                                                                                                  		unknown
                                                                                                                  https://icons8.ru/SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    http://www.imagemagick.org=h#SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      http://www.libpng.org/pub/mng/ImBatch.exe, 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://www.highmotionsoftware.com/products/imbatch/thankyouPSecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000002.1678242586.0000000003B71000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://www.highmotionsoftware.com/products/imbatch/thankyouWSecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000002.1678242586.0000000003B71000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            http://www.wvware.com/libwmf:SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000517C000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              http://www.indyproject.org/ImBatch.exe, 00000004.00000002.3954183742.00000000010AE000.00000020.00000001.01000000.00000007.sdmp, ImBatch.exe, 00000004.00000002.4004426872.00000000051EE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              https://www.HighMotionSoftware.com/SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1682173621.000000000231C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                https://www.HighMotionSoftware.com/)SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1682173621.000000000231C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  https://www.highmotionsoftware.com/download-center/imbatchImBatch.exe, 00000004.00000002.4035000015.0000000014674000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4039335647.00000000151E8000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4027221865.000000000F99D000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    https://www.HighMotionSoftware.com)SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      https://www.highmotionsoftware.com/upd/imbatch/versionppImBatch.exe, 00000004.00000002.4015052342.0000000007BF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        http://www.wvware.com/ImBatch.exe, 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          https://www.highmotionsoftware.com/products/imbatch/thankyou$SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1653547838.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1625867605.00000000009A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            https://www.remobjects.com/psSecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1446570727.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1445813136.00000000026C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000000.1448131608.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            		unknown
                                                                                                                                            https://www.innosetup.com/SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1446570727.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1445813136.00000000026C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000000.1448131608.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            		unknown
                                                                                                                                            https://www.highmotionsoftware.com/upd/imbatch/versionRImBatch.exe, 00000004.00000002.4015052342.0000000007B6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		unknown
                                                                                                                                              https://www.highmotionsoftware.com/upd/imbatch/urlUImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                		unknown
                                                                                                                                                https://www.highmotionsoftware.com/products/imbatch/thankyou3SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1653547838.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1625867605.00000000009A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  https://www.highmotionsoftware.com/products/imbatch/thankyou5SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000002.1670201560.0000000000918000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		unknown
                                                                                                                                                    http://headhtml%.20s%ddefault%d%.20sSecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000517C000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpfalse
                                                                                                                                                      		unknown
                                                                                                                                                      https://www.HighMotionSoftware.com/Fhttps://www.HighMotionSoftware.com/Fhttps://www.HighMotionSoftwaSecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1444075146.0000000002580000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1450311174.0000000003510000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        		unknown
                                                                                                                                                        http://www.highmotionsoftware.com/products/imbatch)SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          		unknown
                                                                                                                                                          http://umich.edu/~shameem)ImBatch.exe, 00000004.00000002.3956213744.0000000002006000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                            		unknown
                                                                                                                                                            https://www.highmotionsoftware.com/upd/imbatch/versionaImBatch.exe, 00000004.00000002.4037746737.0000000014E08000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              		unknown
                                                                                                                                                              http://www.wvware.com/c:SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000517C000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpfalse
                                                                                                                                                                		unknown
                                                                                                                                                                http://www.cl.cam.ac.uk/~mgk25/SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  		unknown
                                                                                                                                                                  http://www.imagemagick.orgindex.htmlQ16ImageMagickSecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpfalse
                                                                                                                                                                    		unknown
                                                                                                                                                                    http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                                      		unknown
                                                                                                                                                                      http://medical.nema.org/.SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000517C000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpfalse
                                                                                                                                                                        		unknown
                                                                                                                                                                        https://www.highmotionsoftware.com/imb_order.php?LangID=ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                                          		unknown
                                                                                                                                                                          https://stats.g.doubleclick.net/j/collect?chromecache_296.9.drfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          		unknown
                                                                                                                                                                          https://www.bolidesoft.com/bc/put.php?v=1&pid=110&w=cd&cid=ImBatch.exe, 00000004.00000002.3980972653.0000000002324000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4015052342.0000000007BF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		unknown
                                                                                                                                                                            https://www.highmotionsoftware.com/products/imbatch/thankyouesSecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1653547838.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1625867605.00000000009A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		unknown
                                                                                                                                                                              https://www.bolidesoft.com/a/banner/check.php?pid=110&b=762&l=0&f=n&ab=%3CClick%20to%20set%20your%20ImBatch.exe, 00000004.00000002.4015052342.0000000007BDA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		unknown
                                                                                                                                                                                https://imagemagick.org/script/download.php#windowsopenImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  http://www.imagemagick.orgImBatch.exe, 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpfalse
                                                                                                                                                                                    		unknown
                                                                                                                                                                                    https://www.highmotionsoftware.com/lucentImBatch.exe, 00000004.00000002.4015052342.0000000007B6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      https://www.bolidesoft.com/bc/put.php?v=1&pid=ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                                                        		unknown
                                                                                                                                                                                        https://www.highmotionsoftware.com/ImBatch.exe, 00000004.00000002.4039335647.00000000151FE000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4015052342.0000000007BF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		unknown
                                                                                                                                                                                          https://www.bolidesoft.com/ImBatch.exe, 00000004.00000002.4039335647.00000000151FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		unknown
                                                                                                                                                                                            ftp://swrinde.nde.swri.edu/pub/mng/documents/.SeeImBatch.exe, 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpfalse
                                                                                                                                                                                              		unknown
                                                                                                                                                                                              https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0ImBatch.exe, 00000004.00000002.4015052342.0000000007B8C000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4015052342.0000000007BF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		unknown
                                                                                                                                                                                                https://crowdin.com/project/imbatchUImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                  http://www.eurekalog.com/help/eurekalog/internal_errors.phpEurekaLogImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmp, is-8GFDD.tmp.2.drfalse
                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                    https://www.HighMotionSoftware.com/$notSecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1450311174.0000000003510000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		unknown
                                                                                                                                                                                                      https://www.google.%/ads/ga-audiences?chromecache_296.9.drfalse
                                                                                                                                                                                                        		unknown
                                                                                                                                                                                                        https://www.highmotionsoftware.com/products/imbatch/thankyougxSecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1653547838.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1625867605.00000000009A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		unknown
                                                                                                                                                                                                          https://www.google.com/analytics/web/inpage/pub/inpage.js?chromecache_296.9.drfalse
                                                                                                                                                                                                            		unknown
                                                                                                                                                                                                            https://www.bolidesoft.com/a/activate/activate.php?pid=110&kid=112&hw=ImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                                                                              		unknown
                                                                                                                                                                                                              https://www.highmotionsoftware.com/help/imbatch/filter_taskUImBatch.exe, 00000004.00000002.3938862172.0000000000704000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                                                                                		unknown
                                                                                                                                                                                                                http://www.HighMotionSoftware.com/SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                                  https://www.highmotionsoftware.com/products/imbatch/thankyouC:SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616286651.00000000007D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                                    http://www.smtpe.orgSecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000517C000.00000004.00001000.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpfalse
                                                                                                                                                                                                                      		unknown
                                                                                                                                                                                                                      https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0ImBatch.exe, 00000004.00000002.4015052342.0000000007B8C000.00000004.00000020.00020000.00000000.sdmp, ImBatch.exe, 00000004.00000002.4015052342.0000000007BF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		unknown
                                                                                                                                                                                                                        https://www.highmotionsoftware.com/products/imbatch/uninstallSecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1450311174.0000000003510000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		unknown
                                                                                                                                                                                                                          http://www.imagemagick.org/www/Notice.html.SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1616459416.000000000521F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            		unknown
                                                                                                                                                                                                                            https://www.highmotionsoftware.com/ru/products/imbatch/thankyouSecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1444075146.0000000002580000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe, 00000000.00000003.1682173621.00000000022C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1642823671.0000000002497000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1626988732.0000000003D2A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1626988732.0000000003D6E000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1450311174.0000000003510000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp, 00000002.00000003.1626988732.0000000003D4D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              		unknown
                                                                                                                                                                                                                              http://www.aiim.org/pdfa/ns/id/ImBatch.exe, ImBatch.exe, 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmpfalse
                                                                                                                                                                                                                                		unknown

                                                                                                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                                                                                                Public IPs

                                                                                                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                142.250.186.68
                                                                                                                                                                                                                                		www.google.comUnited States
                                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                                13.32.27.32
                                                                                                                                                                                                                                		d322cqt584bo4o.cloudfront.netUnited States
                                                                                                                                                                                                                                		7018ATT-INTERNET4USfalse
                                                                                                                                                                                                                                104.193.111.117
                                                                                                                                                                                                                                		bolidesoft.comUnited States
                                                                                                                                                                                                                                		63410PRIVATESYSTEMSUSfalse
                                                                                                                                                                                                                                157.240.26.27
                                                                                                                                                                                                                                		scontent-msp1-1.xx.fbcdn.netUnited States
                                                                                                                                                                                                                                		32934FACEBOOKUSfalse
                                                                                                                                                                                                                                104.16.79.73
                                                                                                                                                                                                                                		static.cloudflareinsights.comUnited States
                                                                                                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                172.67.164.223
                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                104.21.11.4
                                                                                                                                                                                                                                		www.highmotionsoftware.comUnited States
                                                                                                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                142.250.186.78
                                                                                                                                                                                                                                		ytimg.l.google.comUnited States
                                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                                216.58.206.46
                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                                157.240.251.9
                                                                                                                                                                                                                                		scontent.xx.fbcdn.netUnited States
                                                                                                                                                                                                                                		32934FACEBOOKUSfalse
                                                                                                                                                                                                                                239.255.255.250
                                                                                                                                                                                                                                		unknownReserved
                                                                                                                                                                                                                                		unknownunknownfalse
                                                                                                                                                                                                                                157.240.253.35
                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                		32934FACEBOOKUSfalse
                                                                                                                                                                                                                                157.240.251.35
                                                                                                                                                                                                                                		star-mini.c10r.facebook.comUnited States
                                                                                                                                                                                                                                		32934FACEBOOKUSfalse

                                                                                                                                                                                                                                Private

                                                                                                                                                                                                                                IP
                                                                                                                                                                                                                                192.168.2.8
                                                                                                                                                                                                                                192.168.2.9
                                                                                                                                                                                                                                192.168.2.6
                                                                                                                                                                                                                                192.168.2.5

                                                                                                                                                                                                                                General Information

                                                                                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                Analysis ID:1528522
                                                                                                                                                                                                                                Start date and time:2024-10-08 00:39:51 +02:00
                                                                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                Overall analysis duration:0h 12m 25s
                                                                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                Report type:full
                                                                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                Number of analysed new started processes analysed:14
                                                                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                                                Sample name:SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe
                                                                                                                                                                                                                                Detection:SUS
                                                                                                                                                                                                                                Classification:sus30.evad.winEXE@21/377@32/17
                                                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                                                                                HCA Information:
                                                                                                                                                                                                                                • Successful, ratio: 52%
                                                                                                                                                                                                                                • Number of executed functions: 40
                                                                                                                                                                                                                                • Number of non-executed functions: 231
                                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                                                                                                                                Warnings

                                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 2.16.100.168, 192.229.221.95, 216.58.212.142, 108.177.15.84, 142.250.186.131, 34.104.35.123, 142.250.186.46, 142.250.185.200, 172.217.18.8, 142.250.181.234, 142.250.185.234, 142.250.185.138, 142.250.185.170, 142.250.185.202, 142.250.186.42, 142.250.184.202, 172.217.16.138, 142.250.185.106, 172.217.18.10, 216.58.206.74, 142.250.184.234, 216.58.206.42, 142.250.186.74, 172.217.16.202, 142.250.186.170, 142.250.186.72, 172.217.18.104, 216.58.206.78, 199.232.214.172, 172.217.18.3, 142.250.185.142
                                                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, ssl.google-analytics.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, www.googletagmanager.com, update.googleapis.com, clients.l.google.com, www.google-analytics.com
                                                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                • VT rate limit hit for: SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe

                                                                                                                                                                                                                                Simulations

                                                                                                                                                                                                                                Behavior and APIs

                                                                                                                                                                                                                                TimeTypeDescription
                                                                                                                                                                                                                                18:41:14API Interceptor10918874x Sleep call for process: ImBatch.exe modified

                                                                                                                                                                                                                                LLM Input / Output

                                                                                                                                                                                                                                InputOutput
                                                                                                                                                                                                                                URL: https://www.highmotionsoftware.com/products/imbatch/thankyou Model: jbxai
                                                                                                                                                                                                                                {
"brand":["High Motion Software"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"Order Commercial License",
"text_input_field_labels":["Name",
"Email"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"text":"Thank you for installing ImBatch! ImBatch is successfully installed on your computer and ready to run. ImBatch is FREE for personal use only. Commercial usage requires a license. Multithreaded processing mode and extended command-line support are available in the licensed version only. Order Commercial License By the way,
 we got VidBatch for the batch VIDEO processing too! Get notified about updates,
 subscribe ImBatch mail list! Name Email Do you like it? If yes,
 follow us on Facebook! Join the ImBatch community on Facebook. Feel free to post any suggestions or communicate with other ImBatch users there. Also,
 learn the latest news about ImBatch.",
"has_visible_qrcode":false}
                                                                                                                                                                                                                                URL: https://www.highmotionsoftware.com/products/imbatch/thankyou Model: jbxai
                                                                                                                                                                                                                                {
"phishing_score":2,
"brands":"High Motion Software",
"legit_domain":"highmotionsoftware.com",
"classification":"unknown",
"reasons":["The brand 'High Motion Software' is not widely recognized,
 making it difficult to classify as 'known' or 'wellknown'.",
"The URL 'www.highmotionsoftware.com' matches the brand name exactly,
 which is a good indicator of legitimacy.",
"There are no suspicious elements in the URL such as misspellings,
 extra characters,
 or unusual domain extensions.",
"The input field 'Name' is generic and does not raise immediate suspicion."],
"brand_matches":[true],
"url_match":true,
"brand_input":"High Motion Software",
"input_fields":"Name"}

                                                                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                                                                IPs

                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                104.193.111.117promot_s.msiGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                  239.255.255.250Audio_Msg..00293614554893Transcript.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    http://hans.uniformeslaamistad.com/prog/66f5db9e54794_vfkagks.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                      http://xdr.euw31usea1-carbonhelixbytedandomaincontrolpanele-for-github.sentinelone.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                          RemittanceDetails(Rjackson)CQDM.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                            https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.ht.zpdzwq?v=frudxdBjlfmjfqymhfwj.ht.pjd.kwjsy___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpiNGZlZGFhNjcxOTBhYjU4MTE5MjBlZTRiYTAxZmUwMTo3OmIxYWM6MDg1ODNlNjljZDkwNThkM2ZiM2RjYTI4MzFjZGY4NGFmMTYyZTlhYmVjYWYxY2Q4MmNkZDhiNmFmOWVkOWUxOTpoOlQ6VA#Sm9hbi5LbmlwcGVuQEVsa2F5LkNvbQ==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              https://www.dropbox.com/scl/fi/qo6796ed7hlrt0v8k9nr6/Patagonia-Health-Barcode-Scanner-Setup-2024.exe?rlkey=5bmndvx8124ztopqewiogbnlt&st=yvxpokhf&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                https://login.stmarytx.edu/cas/logout?service=http%3A%2F%2Fgoogle.com%2Famp%2Fmatrikaengineeringworks.com/hebc/?#?m=bWVsaXNzYWdAd2Utd29ybGR3aWRlLmNvbQ==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                    https://dsdhie.org/dsjhemGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      13.32.27.32https://free-5479402.webadorsite.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                        https://klassens55.wixsite.com/my-siteGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          https://maildttaccount4883.wixsite.com/my-siteGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            https://www.evernote.com/shard/s479/sh/f2d71c2f-c933-1ab7-1a98-e97ae4d52276/kb79Ui9tIHRqbmjZYMJpPmj3ncfYJkUrYeW1W1Qu0xLbxakNkXT4g_hT-gGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                              104.16.79.73http://tcaconnect.ac-page.com/toronto-construction-association-inc/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                https://maxask.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  https://pcrestore.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    http://ak437453-76542337354.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                      https://swiftclaimairdropmeta.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                        http://afcudigital.biz/ebill/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                          https://chattts-49f1.beszyrecala.workers.dev/16059c05-eb99-4880-8bcd-d4=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            https://chattts-49f1.beszyrecala.workers.dev/8f4343f2-5122-469d-b1ec-a6=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              https://chattts-49f1.beszyrecala.workers.dev/7d0028e1-90be-4e47-b191-f05=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                https://chattts-49f1.beszyrecala.workers.dev/f9f981ac-a3fc-46ec-96fe-22=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                  172.67.164.223fsd8ks3VNb.exeGet hashmaliciousRaccoon SmokeLoaderBrowse

                                                                                                                                                                                                                                                                                    Domains

                                                                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                    static.cloudflareinsights.comhttp://kendellseafoods.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 104.16.80.73
                                                                                                                                                                                                                                                                                    http://tcaconnect.ac-page.com/toronto-construction-association-inc/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 104.16.80.73
                                                                                                                                                                                                                                                                                    https://maxask.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 104.16.80.73
                                                                                                                                                                                                                                                                                    https://pcrestore.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 104.16.79.73
                                                                                                                                                                                                                                                                                    http://ak437453-76542337354.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 104.16.80.73
                                                                                                                                                                                                                                                                                    https://swiftclaimairdropmeta.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                    • 104.16.79.73
                                                                                                                                                                                                                                                                                    http://afcudigital.biz/ebill/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                    • 104.16.80.73
                                                                                                                                                                                                                                                                                    https://pub-8dc94ac03e5a4ccc9206980dbd33a882.r2.dev/ddd.html#3mail@b.cGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 104.16.80.73
                                                                                                                                                                                                                                                                                    https://chattts-49f1.beszyrecala.workers.dev/16059c05-eb99-4880-8bcd-d4=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 104.16.79.73
                                                                                                                                                                                                                                                                                    https://chattts-49f1.beszyrecala.workers.dev/8f4343f2-5122-469d-b1ec-a6=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 104.16.79.73

                                                                                                                                                                                                                                                                                    ASNs

                                                                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                    ATT-INTERNET4UShttps://s.craft.me/yB5midhwwaHUPWGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                    • 13.32.27.116
                                                                                                                                                                                                                                                                                    cenSXPimaG.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                    • 108.209.29.18
                                                                                                                                                                                                                                                                                    2UngC9fiGa.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                    • 12.30.116.248
                                                                                                                                                                                                                                                                                    0wG3Y7nLHa.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                    • 75.9.72.88
                                                                                                                                                                                                                                                                                    XvAqhy3FO6.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                    • 13.1.178.163
                                                                                                                                                                                                                                                                                    970Qh1XiFt.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                    • 172.140.18.194
                                                                                                                                                                                                                                                                                    na.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                                                                                                                                    • 104.55.155.178
                                                                                                                                                                                                                                                                                    na.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                                                                                                                                    • 104.55.155.183
                                                                                                                                                                                                                                                                                    na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 13.0.106.91
                                                                                                                                                                                                                                                                                    https://future.nhs.ukGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 13.32.27.107
                                                                                                                                                                                                                                                                                    PRIVATESYSTEMSUSyakov.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                    • 67.222.3.222
                                                                                                                                                                                                                                                                                    Payment copy.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                                                                    • 170.249.236.53
                                                                                                                                                                                                                                                                                    Zeskanowana lista przedmiot#U00f3w nr 84329.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                                                                    • 170.249.236.53
                                                                                                                                                                                                                                                                                    Gescanntes Artikelliste_Bestellnummer 25477.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                                                                    • 170.249.236.53
                                                                                                                                                                                                                                                                                    https://catch35.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 162.246.59.110
                                                                                                                                                                                                                                                                                    https://www.isobuster.com/dl.php?d=isobuster.com&v=3&l=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 104.193.109.63
                                                                                                                                                                                                                                                                                    firmware.armv4l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 192.196.159.200
                                                                                                                                                                                                                                                                                    firmware.armv5l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 192.196.159.200
                                                                                                                                                                                                                                                                                    firmware.x86_64.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 170.249.206.146
                                                                                                                                                                                                                                                                                    NEW.P.ORDER .ENQUIRY56433.PDF.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                                                    • 170.249.217.170
                                                                                                                                                                                                                                                                                    CLOUDFLARENETUSAudio_Msg..00293614554893Transcript.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 104.17.25.14
                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                                                                                    • 104.21.80.31
                                                                                                                                                                                                                                                                                    SecuriteInfo.com.Win32.Evo-gen.11282.4102.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    • 172.67.206.204
                                                                                                                                                                                                                                                                                    9Y6R8fs0wd.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    • 172.67.206.204
                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    • 172.67.206.204
                                                                                                                                                                                                                                                                                    RemittanceDetails(Rjackson)CQDM.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                    • 104.17.25.14
                                                                                                                                                                                                                                                                                    PFW1cgN8EK.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    • 172.67.206.204
                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    • 104.21.53.8
                                                                                                                                                                                                                                                                                    https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.ht.zpdzwq?v=frudxdBjlfmjfqymhfwj.ht.pjd.kwjsy___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpiNGZlZGFhNjcxOTBhYjU4MTE5MjBlZTRiYTAxZmUwMTo3OmIxYWM6MDg1ODNlNjljZDkwNThkM2ZiM2RjYTI4MzFjZGY4NGFmMTYyZTlhYmVjYWYxY2Q4MmNkZDhiNmFmOWVkOWUxOTpoOlQ6VA#Sm9hbi5LbmlwcGVuQEVsa2F5LkNvbQ==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                                                                                                                    EUYIlr7uUX.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                                                    • 172.65.255.143

                                                                                                                                                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                    1138de370e523e824bbca92d049a3777Audio_Msg..00293614554893Transcript.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 23.206.229.226
                                                                                                                                                                                                                                                                                    http://hans.uniformeslaamistad.com/prog/66f5db9e54794_vfkagks.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 23.206.229.226
                                                                                                                                                                                                                                                                                    RemittanceDetails(Rjackson)CQDM.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                    • 23.206.229.226
                                                                                                                                                                                                                                                                                    https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.ht.zpdzwq?v=frudxdBjlfmjfqymhfwj.ht.pjd.kwjsy___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpiNGZlZGFhNjcxOTBhYjU4MTE5MjBlZTRiYTAxZmUwMTo3OmIxYWM6MDg1ODNlNjljZDkwNThkM2ZiM2RjYTI4MzFjZGY4NGFmMTYyZTlhYmVjYWYxY2Q4MmNkZDhiNmFmOWVkOWUxOTpoOlQ6VA#Sm9hbi5LbmlwcGVuQEVsa2F5LkNvbQ==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 23.206.229.226
                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                    • 23.206.229.226
                                                                                                                                                                                                                                                                                    L-tron_Payroll.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 23.206.229.226
                                                                                                                                                                                                                                                                                    WiTqtf1aiE.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                                                                                                    • 23.206.229.226
                                                                                                                                                                                                                                                                                    https://ipp.safetyworksolutions.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 23.206.229.226
                                                                                                                                                                                                                                                                                    FdjDPFGTZS.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                    • 23.206.229.226
                                                                                                                                                                                                                                                                                    Aew8SXjXEb.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                                    • 23.206.229.226
                                                                                                                                                                                                                                                                                    28a2c9bd18a11de089ef85a160da29e4Audio_Msg..00293614554893Transcript.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 172.202.163.200
                                                                                                                                                                                                                                                                                    • 184.28.90.27
                                                                                                                                                                                                                                                                                    SecuriteInfo.com.Trojan.DownLoader47.43340.12576.1316.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                                    • 172.202.163.200
                                                                                                                                                                                                                                                                                    • 184.28.90.27
                                                                                                                                                                                                                                                                                    http://hans.uniformeslaamistad.com/prog/66f5db9e54794_vfkagks.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 172.202.163.200
                                                                                                                                                                                                                                                                                    • 184.28.90.27
                                                                                                                                                                                                                                                                                    9Y6R8fs0wd.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    • 172.202.163.200
                                                                                                                                                                                                                                                                                    • 184.28.90.27
                                                                                                                                                                                                                                                                                    http://xdr.euw31usea1-carbonhelixbytedandomaincontrolpanele-for-github.sentinelone.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 172.202.163.200
                                                                                                                                                                                                                                                                                    • 184.28.90.27
                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                    • 172.202.163.200
                                                                                                                                                                                                                                                                                    • 184.28.90.27
                                                                                                                                                                                                                                                                                    RemittanceDetails(Rjackson)CQDM.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                    • 172.202.163.200
                                                                                                                                                                                                                                                                                    • 184.28.90.27
                                                                                                                                                                                                                                                                                    PFW1cgN8EK.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    • 172.202.163.200
                                                                                                                                                                                                                                                                                    • 184.28.90.27
                                                                                                                                                                                                                                                                                    https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.ht.zpdzwq?v=frudxdBjlfmjfqymhfwj.ht.pjd.kwjsy___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpiNGZlZGFhNjcxOTBhYjU4MTE5MjBlZTRiYTAxZmUwMTo3OmIxYWM6MDg1ODNlNjljZDkwNThkM2ZiM2RjYTI4MzFjZGY4NGFmMTYyZTlhYmVjYWYxY2Q4MmNkZDhiNmFmOWVkOWUxOTpoOlQ6VA#Sm9hbi5LbmlwcGVuQEVsa2F5LkNvbQ==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 172.202.163.200
                                                                                                                                                                                                                                                                                    • 184.28.90.27
                                                                                                                                                                                                                                                                                    SecuriteInfo.com.Win32.PWSX-gen.27846.23954.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    • 172.202.163.200
                                                                                                                                                                                                                                                                                    • 184.28.90.27
                                                                                                                                                                                                                                                                                    37f463bf4616ecd445d4a1937da06e19SecuriteInfo.com.FileRepMalware.12793.28433.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                                                                                                    • 172.67.164.223
                                                                                                                                                                                                                                                                                    • 104.193.111.117
                                                                                                                                                                                                                                                                                    Bn7LPdQA1s.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                                                                                                    • 172.67.164.223
                                                                                                                                                                                                                                                                                    • 104.193.111.117
                                                                                                                                                                                                                                                                                    WiTqtf1aiE.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                                                                                                    • 172.67.164.223
                                                                                                                                                                                                                                                                                    • 104.193.111.117
                                                                                                                                                                                                                                                                                    out.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                    • 172.67.164.223
                                                                                                                                                                                                                                                                                    • 104.193.111.117
                                                                                                                                                                                                                                                                                    PEDIDO-144848.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                                                                    • 172.67.164.223
                                                                                                                                                                                                                                                                                    • 104.193.111.117
                                                                                                                                                                                                                                                                                    SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 172.67.164.223
                                                                                                                                                                                                                                                                                    • 104.193.111.117
                                                                                                                                                                                                                                                                                    down.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 172.67.164.223
                                                                                                                                                                                                                                                                                    • 104.193.111.117
                                                                                                                                                                                                                                                                                    jre-6-windows-i586.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 172.67.164.223
                                                                                                                                                                                                                                                                                    • 104.193.111.117
                                                                                                                                                                                                                                                                                    transferencia.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                                                                    • 172.67.164.223
                                                                                                                                                                                                                                                                                    • 104.193.111.117
                                                                                                                                                                                                                                                                                    SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                                                                                    • 172.67.164.223
                                                                                                                                                                                                                                                                                    • 104.193.111.117

                                                                                                                                                                                                                                                                                    Dropped Files

                                                                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                    C:\Program Files (x86)\ImBatch\DirectXTex.dll (copy)promot_s.msiGet hashmaliciousLummaC StealerBrowse

                                                                                                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\ContextMenuEditor.exe (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):10704296
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.078832724749552
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:196608:pn+8JMxFKbXyTrWhKUzSROd5c7D5msdfRahwIn:pn+8JMmbXyTrWhKUzSROd5c7nvbC
                                                                                                                                                                                                                                                                                      MD5:2E8E0CA4CDC0F283A18BB20679FFF5AF
                                                                                                                                                                                                                                                                                      SHA1:BD38B107D81A8143CD68727FC9C724E955DCB3B1
                                                                                                                                                                                                                                                                                      SHA-256:861892F2632AEF5E64932335FE1F1B935557701ED8CDC7DE9AF858DAE9819FF2
                                                                                                                                                                                                                                                                                      SHA-512:74795B2DBD573B35B730D62EE33A65166256FC28D5FB15C97AEFF52FC1D80801F67B7A5FC5D2D366F8B1BA71F23E802AEBBDAA88D499D982797F692F558E4B82
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....T|e..................i...:......%i......0i...@..............................................@..........................`...T.......<)..........0...%...........................................................o...............................text.....h.......h................. ..`.itext...(....i..*....h............. ..`.data........0i.......i.............@....bss.....V....s..........................idata...T...`...V....r.............@....didata..............2s.............@....edata..............<s.............@..@.tls.....................................rdata...............>s.............@..@.reloc...............@s.............@..B.rsrc....<)......<)...y.............@..@.............@.......p..............@..@................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\DirectXTex.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):512512
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.132256533873661
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:0s2rxgixvPs3c9uVutc8Zex6M49V46SvK1YEG1IWB0UcWXteHKC2y2IQH12y7P22:o83cbTXG1v0P2MwWmK+7wEwmf5V
                                                                                                                                                                                                                                                                                      MD5:E80B1F3DF3D25F1F288DD5A6CAE279D5
                                                                                                                                                                                                                                                                                      SHA1:594F575FCBCFFE81DE9CD820418ADF1F577C2CD2
                                                                                                                                                                                                                                                                                      SHA-256:CB6A5059A35E511A673DD5F5EBEDE54A5CA0369A87D2C247D95410DA8ADF647B
                                                                                                                                                                                                                                                                                      SHA-512:F793335BF6A88834E0306417EBB9E405B5971E36650ADD6947D06A462A0C468EC78AF3EFB7901D66C0CBB80D4E63427122AAC5A5A8AC0E3DDCD07DE3F98471D0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                                                      • Filename: promot_s.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Y.h.Y.h.Y.h.<.k.R.h.<.m...h...i.[.h...l.V.h...k.L.h...m.~.h.<.l.@.h.<.i.\.h.Y.i...h...m.M.h...h.X.h.....X.h...j.X.h.RichY.h.........................PE..L.....U`...........!................=T....... ............................................@.....................................<...............................8%......T...............................@............ ...............................text............................... ..`.rdata...z... ...|..................@..@.data...h$..........................@....rsrc...............................@..@.reloc..8%.......&..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Finished.wav (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):119082
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.882523830594984
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:VOu4CP8XcOSDVkoxcgn4EOhrvAwERQhF6JJ:VOMP8XcVVkG54EGAwsJ
                                                                                                                                                                                                                                                                                      MD5:F92331003C3B2EBD655818DF586BD025
                                                                                                                                                                                                                                                                                      SHA1:55CFF0069092A38698F1734B750C184491A6ED1D
                                                                                                                                                                                                                                                                                      SHA-256:D55795384E4F9901519F15457B53DA087EDD385E6CD004D3F8DA90BCAE1D6E60
                                                                                                                                                                                                                                                                                      SHA-512:CA8B6B6B096616B82D51281E70BEB60BB62A892159F71118860249747D87A4754C1C38CC4D657BDAC6F87DEE405D1DF736531A01164E85C8C2D4DB9FD8E77E7C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Preview:RIFF"...WAVEfmt ........D....X........data........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................%...3...'...............8...;...(...........8...T...K...-.......&...]...|.~.d...0.......W.y...>...L.z...3...C.......1...4.......i.}.......*.....r(i./.?.-..V"R.(.6(....V...e#."....1..!...<...)...C.-...Y.F.p.>..;.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Graphics\Logo1.png (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):26792
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.969093568625988
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:fY1HRNC3guoVQQO+iPZntEoR342Mm4H+A/HaYX8y:AN5I3Eg42MTP1XL
                                                                                                                                                                                                                                                                                      MD5:4B545983BC2551A7F7054FCF181BBF75
                                                                                                                                                                                                                                                                                      SHA1:51D33CB603E774E71815E828FBFEC9004BC56D6F
                                                                                                                                                                                                                                                                                      SHA-256:496ED63CFB2A7F877792538F34101731731DBF203B40E6AA8C9ACB62688BA748
                                                                                                                                                                                                                                                                                      SHA-512:E8084B5E9FBE6D04136A7F1C1834BB678DA736772B5AEF2AA12780C9BC3CD50250DDB380D9C4984285BE1298F9DD19F152F81AA0E0E8CC66126972B54B53B967
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Preview:.PNG........IHDR.............\r.f....pHYs...........~... .IDATx..yX....?W..(..P\B)..%..0\A.!.PpAA..g..K.k.._rM.%.EE..EQ.$I..P..QS.%.H....c...{a.;..y.#.;s.9.y.{....RI-...hR..+PK-.......Z.aj.@-.<....Zjy........S+.j....V..R.#L.....G..j...E.P.t.L.3..`.........v.\.../.....}.%..'Y.e......o..)...:.......i..[[[...h.5fff4n.......kW~..t....B......../...OVV...]"//....K...H.....&...........+.Q.....U.v.h.%...8;;cggWm.*..&##..........$==......(.".{..*UC.....M........v.j.cG.z.-:v..U.WO?999.=z.o....G.r..3...X.j...#..#...w......m.q.....{w.......U.3g.k.....ILL,...-@"..a ..#...[........C......;..M.J_X5..q..yy...//......NNNXXX`nnN.-.h..fff..Oaa!{..e.-......D h..E..G.........}.N.j6x...u..."233......$++.......%...J..y.o.s.,.l...gm.......i.9...8;;.eK.....[..g....$''..... ..o....?.o.|..9.h?....>00.w.y......o.........KNNN.%..L...5.o.......#.....[o........8;;.y.m........>+.6......^e...T*e]d..0..8j.(ezz........7o*...S.NU...kJ.O .....M.+..X..lmm.|.w._~............Q.[.L

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Graphics\Logo2.png (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 512 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):40593
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.951450070534991
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:isnMDTmHjSJEBh5k3wf+3Jg/j35yJqtTzsKBGU3kMJ8Ici90:WDTmGJo7k3wcgbJyJ8QKBGUFdz90
                                                                                                                                                                                                                                                                                      MD5:CA33D5A0917B4746D5EB359485AD2274
                                                                                                                                                                                                                                                                                      SHA1:83D4F67EDECEE9689E0EE67AA98500BCBCF8228F
                                                                                                                                                                                                                                                                                      SHA-256:DF38CDD83FCA1FB3FFF886112853E51F6781CC759953060EE73196A9DA9C8FE3
                                                                                                                                                                                                                                                                                      SHA-512:A96573F06558313C2794705B4D1C3095F9570EB158517B074CC7F5636AAEE868BDA659BDFDA35D09FCEB228FE31B91E1A4DD95909EA2F5F7B83E8E0C7DD2C167
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Preview:.PNG........IHDR.............}W......pHYs................ cHRM..z%..............u0...`..:....o._.F....IDATx..w.../....:.LO..Ih..F ....d....6...zmpZ?.g.....[...8/.'...L0....AD%$$..F..sw.{..T..... .G......[..s..$..C>joo.$..y...>....R.o...=."......... ..T%..:.p....!....Y.dY>...a.X...j.H...Q..;........xQ......D%*....)...?!..`.H..u.!da*.Z..D........l...O&.H$.P...L...BQ.h.fqg.B..<.A.?....$!..$...........G...NA.^..6.;3....)..B......F3u...I.fONV.(Q.JT......2.BZ..2.Q....B.d2.........................9......-...:t]..i.u.....1.(.->........B.e.y.;.-Z.tee. ....r..."@.0.v...r.?)..%*Q.JT.I3.)2........b...[L.1vagg....<....rpp.}}}.$..,C.E.....?.......D..(B...R...u...X,.....c8....0..-.X..c..,....~.....k..x..'B.....T.$..9.....0!......ulL*..JT....$.L.....1..?....B........c.UtuuA.4x.^x<...n.l3{A.l.@.eC.....06...>...mUU...0.....;;;..*.)D.B.......v.q.UW=...r.,..s0...@......LX.(..%*Q.JT..&..'...d..6.L...v...........N.........xlM_.$x.^..`k...g1q'.w..._....4.8M.V..Q]G.....

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Graphics\is-2JKU1.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):26792
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.969093568625988
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:fY1HRNC3guoVQQO+iPZntEoR342Mm4H+A/HaYX8y:AN5I3Eg42MTP1XL
                                                                                                                                                                                                                                                                                      MD5:4B545983BC2551A7F7054FCF181BBF75
                                                                                                                                                                                                                                                                                      SHA1:51D33CB603E774E71815E828FBFEC9004BC56D6F
                                                                                                                                                                                                                                                                                      SHA-256:496ED63CFB2A7F877792538F34101731731DBF203B40E6AA8C9ACB62688BA748
                                                                                                                                                                                                                                                                                      SHA-512:E8084B5E9FBE6D04136A7F1C1834BB678DA736772B5AEF2AA12780C9BC3CD50250DDB380D9C4984285BE1298F9DD19F152F81AA0E0E8CC66126972B54B53B967
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Preview:.PNG........IHDR.............\r.f....pHYs...........~... .IDATx..yX....?W..(..P\B)..%..0\A.!.PpAA..g..K.k.._rM.%.EE..EQ.$I..P..QS.%.H....c...{a.;..y.#.;s.9.y.{....RI-...hR..+PK-.......Z.aj.@-.<....Zjy........S+.j....V..R.#L.....G..j...E.P.t.L.3..`.........v.\.../.....}.%..'Y.e......o..)...:.......i..[[[...h.5fff4n.......kW~..t....B......../...OVV...]"//....K...H.....&...........+.Q.....U.v.h.%...8;;cggWm.*..&##..........$==......(.".{..*UC.....M........v.j.cG.z.-:v..U.WO?999.=z.o....G.r..3...X.j...#..#...w......m.q.....{w.......U.3g.k.....ILL,...-@"..a ..#...[........C......;..M.J_X5..q..yy...//......NNNXXX`nnN.-.h..fff..Oaa!{..e.-......D h..E..G.........}.N.j6x...u..."233......$++.......%...J..y.o.s.,.l...gm.......i.9...8;;.eK.....[..g....$''..... ..o....?.o.|..9.h?....>00.w.y......o.........KNNN.%..L...5.o.......#.....[o........8;;.y.m........>+.6......^e...T*e]d..0..8j.(ezz........7o*...S.NU...kJ.O .....M.+..X..lmm.|.w._~............Q.[.L

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Graphics\is-V4CLQ.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 512 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):40593
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.951450070534991
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:isnMDTmHjSJEBh5k3wf+3Jg/j35yJqtTzsKBGU3kMJ8Ici90:WDTmGJo7k3wcgbJyJ8QKBGUFdz90
                                                                                                                                                                                                                                                                                      MD5:CA33D5A0917B4746D5EB359485AD2274
                                                                                                                                                                                                                                                                                      SHA1:83D4F67EDECEE9689E0EE67AA98500BCBCF8228F
                                                                                                                                                                                                                                                                                      SHA-256:DF38CDD83FCA1FB3FFF886112853E51F6781CC759953060EE73196A9DA9C8FE3
                                                                                                                                                                                                                                                                                      SHA-512:A96573F06558313C2794705B4D1C3095F9570EB158517B074CC7F5636AAEE868BDA659BDFDA35D09FCEB228FE31B91E1A4DD95909EA2F5F7B83E8E0C7DD2C167
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Preview:.PNG........IHDR.............}W......pHYs................ cHRM..z%..............u0...`..:....o._.F....IDATx..w.../....:.LO..Ih..F ....d....6...zmpZ?.g.....[...8/.'...L0....AD%$$..F..sw.{..T..... .G......[..s..$..C>joo.$..y...>....R.o...=."......... ..T%..:.p....!....Y.dY>...a.X...j.H...Q..;........xQ......D%*....)...?!..`.H..u.!da*.Z..D........l...O&.H$.P...L...BQ.h.fqg.B..<.A.?....$!..$...........G...NA.^..6.;3....)..B......F3u...I.fONV.(Q.JT......2.BZ..2.Q....B.d2.........................9......-...:t]..i.u.....1.(.->........B.e.y.;.-Z.tee. ....r..."@.0.v...r.?)..%*Q.JT.I3.)2........b...[L.1vagg....<....rpp.}}}.$..,C.E.....?.......D..(B...R...u...X,.....c8....0..-.X..c..,....~.....k..x..'B.....T.$..9.....0!......ulL*..JT....$.L.....1..?....B........c.UtuuA.4x.^x<...n.l3{A.l.@.eC.....06...>...mUU...0.....;;;..*.)D.B.......v.q.UW=...r.,..s0...@......LX.(..%*Q.JT..&..'...d..6.L...v...........N.........xlM_.$x.^..`k...g1q'.w..._....4.8M.V..Q]G.....

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Help\QuickStartGuide.pdf (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PDF document, version 1.4
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1753194
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.9721419403313964
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:JSq0TVqy8vOblTFJf68wAq+tl1R2jx2Uva:AzTVMmFJfpwT+tlN
                                                                                                                                                                                                                                                                                      MD5:CDB5F463604D47C073E78320B55CA472
                                                                                                                                                                                                                                                                                      SHA1:F2571DDD0B4565903919E5F1AE6519EF9BB2F7E4
                                                                                                                                                                                                                                                                                      SHA-256:3D2B18BD5CA6FF662A4F513E5E982A70B009F541E81E7AC3F399D80D7A6B1DC7
                                                                                                                                                                                                                                                                                      SHA-512:F3DF1B7812807F0A35840CC0437F40ED0111201B13CFBE9DD78BA27E3A4B2EDAEF34DCEDEF99E21A08DF0485A305A17FCDB91FD6BEF54682C59A9B00AF2AECB8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:%PDF-1.4.%.....2 0 obj.<</Length 3 0 R/Filter/FlateDecode>>.stream.x.u.AKC1.....s.Lg.6..B..... .A<i+.U....^A,.\....&C/.q...*.....O8n......[6'.....t....@.m.R(.....yWo.0Uea.V.si.s;h.bZ...'.nn..i.Wi.F....4 F......Ew ..EN8@..H.ud6..&0w;.O..-.y.m...{.......p..M..endstream.endobj..3 0 obj.203.endobj..4 0 obj.<</Type/XObject/Subtype/Image/Width 1024 /Height 768 /BitsPerComponent 8 /ColorSpace/DeviceRGB/Filter/DCTDecode/Length 44412>>.stream.......JFIF.............C....................................................................C............................................................................".................................................................................R............................................................................................................................................................................................................................................................................... .....................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Help\is-MOFJV.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PDF document, version 1.4
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1753194
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.9721419403313964
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:JSq0TVqy8vOblTFJf68wAq+tl1R2jx2Uva:AzTVMmFJfpwT+tlN
                                                                                                                                                                                                                                                                                      MD5:CDB5F463604D47C073E78320B55CA472
                                                                                                                                                                                                                                                                                      SHA1:F2571DDD0B4565903919E5F1AE6519EF9BB2F7E4
                                                                                                                                                                                                                                                                                      SHA-256:3D2B18BD5CA6FF662A4F513E5E982A70B009F541E81E7AC3F399D80D7A6B1DC7
                                                                                                                                                                                                                                                                                      SHA-512:F3DF1B7812807F0A35840CC0437F40ED0111201B13CFBE9DD78BA27E3A4B2EDAEF34DCEDEF99E21A08DF0485A305A17FCDB91FD6BEF54682C59A9B00AF2AECB8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:%PDF-1.4.%.....2 0 obj.<</Length 3 0 R/Filter/FlateDecode>>.stream.x.u.AKC1.....s.Lg.6..B..... .A<i+.U....^A,.\....&C/.q...*.....O8n......[6'.....t....@.m.R(.....yWo.0Uea.V.si.s;h.bZ...'.nn..i.Wi.F....4 F......Ew ..EN8@..H.ud6..&0w;.O..-.y.m...{.......p..M..endstream.endobj..3 0 obj.203.endobj..4 0 obj.<</Type/XObject/Subtype/Image/Width 1024 /Height 768 /BitsPerComponent 8 /ColorSpace/DeviceRGB/Filter/DCTDecode/Length 44412>>.stream.......JFIF.............C....................................................................C............................................................................".................................................................................R............................................................................................................................................................................................................................................................................... .....................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\ImBatch.exe (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):7767944
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.990778340896316
                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                      SSDEEP:98304:qB4FP84wIh7nlSMuBevGyBkkdzSiYzmH1Ub0+iolqKibI90VOePwsRiNKNERP1eD:44h8qeQVrYaHipJysePMN8wPIrqPPWnB
                                                                                                                                                                                                                                                                                      MD5:A2E5679917DE0C043AED253E90F1E6A0
                                                                                                                                                                                                                                                                                      SHA1:28CCE9C6E8BD009310EFB28C8B3F9BAE05E98921
                                                                                                                                                                                                                                                                                      SHA-256:EC17DEFD7CF1EE21C50EC267FAFC7A991F54C2DFE2CEC0C4DE5001E6A251FC80
                                                                                                                                                                                                                                                                                      SHA-512:CB3812E74B4E3930676B83A55C8FE3151F794CE9EE5B0D30AEE652515158A22061190865D402B652CB6E1DB94DB0A0D2A0EBB07274D8184710B0FD8474522F3E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ.OO.`........^.~.$.....@....a...@..d80k..&+_..+.&e.L..GVy.....Q..............................................................................................................................................................................................PE..L...D^.f.........."......T........................@..................................:w..........@...........................0..`....@...&...........av..%...p...............................p.............................................................................................`........>...........................@............@.............................`.............0......................@....rsrc....&...@....&.................@..@.............p........&.............@...................1v....&.............@......................................................................................................................................................................................................*%..J=..r.Z..[b_..4C

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\ImBatchContextMenuHandler-X64.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):522240
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.297581878840908
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:9B5l4ob1hAXMF5Zm1m4fJIBRqS6+8khJRRz08EMuo:9BD4oM8zZQmqJh
                                                                                                                                                                                                                                                                                      MD5:1E4B82CBD98766F79CE4B7839FC2DB6B
                                                                                                                                                                                                                                                                                      SHA1:FCAE6A9F8E3E152F29E9FAF8BA78F03E746E11C8
                                                                                                                                                                                                                                                                                      SHA-256:74571CBC448309BDA9015D842FD292BD73D8D8CA17ED365EEB6629F019FEF9A9
                                                                                                                                                                                                                                                                                      SHA-512:ED43788800FFC51C354AA94946D1B356D5B7C5DC437511904EF33DBBE9541DDA9BE6CC830C0E467CC129D120958F9EE3731CC28A1F10E44F8D677E52A12A9E9A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J6..+X..+X..+X.M[..+X.M\..+X.M].e+X.C[..+X.C]..+X.C\..+X.MY..+X..+Y.U+X.qBQ..+X.qBX..+X.qB...+X..+...+X.qBZ..+X.Rich.+X.........................PE..d......a.........." .....p..........(........................................@............`..........................................}.......}..........H.......`<........... ..........p...........................P................................................text....o.......p.................. ..`.rdata..^............t..............@..@.data....7....... ..................@....pdata..`<.......>..................@..@.rsrc...H...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\ImBatchContextMenuHandler.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):392704
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.632224443003832
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:kbxpXgR5Qgp8jiWE1gNdyewmIExgnmkXBOyZzrMn+7m2Uas7hAOlV+5akFl:kbnwRW8miWE1g9w7ExCm6rzrxvs7haag
                                                                                                                                                                                                                                                                                      MD5:70AB1788BC402CC6ECA8235F5E612023
                                                                                                                                                                                                                                                                                      SHA1:5EA34CEF8CD69F31161B577B5126C96FCFB3C153
                                                                                                                                                                                                                                                                                      SHA-256:D58798F3B423E38B352E0A92A266B399A3BB5A9A141A73699223BB5D04B55924
                                                                                                                                                                                                                                                                                      SHA-512:D0E1F7F5895CE2BDD2ED667CD26421E5DBFDFC369938CE3A9B1B9A85988D3DEBCDB1D089087DCA973D9346463669BD82BBA4326A3A4B6C651824DE7343CA3451
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........\..Y\..Y\..Y9..XQ..Y9..X..Y9..XJ..Y...XI..Y...Xk..Y...XC..Y9..XS..Y\..Y ..Y...XX..Y...X]..Y...Y]..Y\.sY]..Y...X]..YRich\..Y........PE..L......a...........!.....`...................p...............................0............@.........................p.......,...........H.......................H8...Y..p...........................PZ..@............p...............................text....^.......`.................. ..`.rdata..F=...p...>...d..............@..@.data....'..........................@....rsrc...H...........................@..@.reloc..H8.......:..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\ImBatchExtra.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):222208
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.5923760439050625
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:r+mkvfDVAPw5jhjhyjQkD3kBD8l40N4tiofir9byfaMGj0N2ptmuAg0FuDos4L3W:r+mEbRxNqbD328/40nb2v0AO4aMb4
                                                                                                                                                                                                                                                                                      MD5:70C88CFEFA99A53B0BD3CCE9515CA444
                                                                                                                                                                                                                                                                                      SHA1:FE6D8F770F8830FDE35260421BE967BCA191279F
                                                                                                                                                                                                                                                                                      SHA-256:7A8BC97F9CE339B85C4104CA51144AA6883525C8E2BFDCA00A8A4380E810EE75
                                                                                                                                                                                                                                                                                      SHA-512:7C9C4AD1C308895E0CB68DCBE48BB24EE2D3BF35ED5D09D43AB457079F9ED5056DBF2A5790A84BA5800329F9CA884BD7E919203934BC57EA6F40B49DDEFB93C7
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4.U p.;sp.;sp.;s..8rd.;s..>r.;s..?rh.;s".8rc.;s".>rD.;s".?ro.;s..:rs.;s..:rr.;sp.:s'.;s..2ry.;s..;rq.;s...sq.;s..9rq.;sRichp.;s........PE..L....2.^...........!.........r......~........0............................................@.........................05.......6..<................................"......p...........................P...@............0..(............................text............................... ..`.rdata..V....0....... ..............@..@.data....=...@......................@....rsrc................>..............@..@.reloc...".......$...@..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\ImBatchFormats.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):440832
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.793440946847915
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:sLFPWnh5J8Hr5GS+P84JkfDpBnlqCaY8pHint5CWExW8SM:sLFuuL5GS+PDCMm8+8S
                                                                                                                                                                                                                                                                                      MD5:C7EE1E0B7EEBD1DA4B591CD78A7522D9
                                                                                                                                                                                                                                                                                      SHA1:E0DA8EBBB50E82C4D55321010F284B7E50D8A936
                                                                                                                                                                                                                                                                                      SHA-256:75A52C8C8C8F771693CD54C619EEBF23296F382D6BC59A5D7A166C8D40AD5707
                                                                                                                                                                                                                                                                                      SHA-512:EDEDD75A76161B14E8CF53E619B18B04C6AF0B24F23260B53F86E9F57F8BF7A602B361EA098E6282CFE550C54BF6BD40DFA70F71EEF0D83D3E704A2670A5FCEF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]K...*a..*a..*a.|Lb..*a.|Ld.*a.|Le..*a.KBd..*a.KBe..*a.KBb..*a.Ce.R*a.|L`..*a..*`.C*a.Ch..*a.Ca..*a.C...*a.Cc..*a.Rich.*a.........................PE..L....._`...........!......................................................... ............@.........................p.......0...(................................*......p...............................@...............(............................text............................... ..`.rdata..............................@..@.data....-..........................@..._RDATA.. ...........................@..@.rsrc...............................@..@.reloc...*.......,..................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\ImBatchOpenCV.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):5436928
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.855818705227545
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:QfWMClHXPJ8iChLQxgl1F+JdJdF+FqkMzRdvt52d0xwS8zX1bE1xWLiAUOrNurXm:QOP/Qiglulm3MzRdvtwdyKLiAUqJ
                                                                                                                                                                                                                                                                                      MD5:160FEA7D69354868B1101AE8B536EF18
                                                                                                                                                                                                                                                                                      SHA1:8AD8F072B2148CA03495A977D4783DA7B6F10E5D
                                                                                                                                                                                                                                                                                      SHA-256:1C0B99ECA227B6DE93EC49C8F92BF8FEF680184C198CDD755199D55A44586355
                                                                                                                                                                                                                                                                                      SHA-512:CEB115FB59F112AFA57B0213E8B0E92C70E8FA2C89EF4E33BBFCDB7B72942245D23E81CE220684595ECCDE204E3EE7A69FD14B29B188644D5FAF32EDBDFDB543
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......7.$5s.Jfs.Jfs.Jf..IgA.Jf..Og.Jf..Ngm.Jf.:.fw.Jf!.Igm.Jf!.Og..Jf!.NgQ.Jf..Ng..Jf..Igr.Jf..Og.Jf..Kgp.Jfs.Kf.Jf..Cgg.Jf..Jgr.Jf..fr.Jf..Hgr.JfRichs.Jf........PE..L.....Ia...........!......8..F$.....7.&.......9...............................]...........@.........................P.N......N.(.....Z.......................[.....`#J.p...................p$J......#J.@.............9.,............................text...u.8.......8................. ..`.rdata..x.....9.......8.............@..@.data...l*....N......~N.............@..._RDATA........Z......^P.............@..@.rsrc.........Z......rP.............@..@.reloc........[......tP.............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\ImageMonitor.exe (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):9384872
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.642385961820031
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:196608:3yXKUrGGwAjLP4YetRHd3WhKUza/BtONOLSkQdBPXjfDlR8:3yXIGnetRHhWhKUza/BtONOLiXj7lC
                                                                                                                                                                                                                                                                                      MD5:FEBCD08DA15BB85D2BB99153FACD1E23
                                                                                                                                                                                                                                                                                      SHA1:CA4CF3D9919C1BEDDA551FC0274AB9C6336C5421
                                                                                                                                                                                                                                                                                      SHA-256:EDC45B2344BBCF2295CD36B670E60B4AB98B427CCCAD7875218057C2D519126C
                                                                                                                                                                                                                                                                                      SHA-512:DFC280607A3842014245B51D296FFBC5D657748559A22E9419CD0FD4BD3E2F7D8536A76AA35932277989DE1D8DDCD2A591A4060D9DE25D814CFC88E0F9A10DCE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....T|e.................dm...!.....T|m.......m...@................................iQ...........@................... ...........T.......R...............%...P...#...........................@.......................................................text...\3m......4m................. ..`.itext.../...Pm..0...8m............. ..`.data.........m......hm.............@....bss....LX...Pw..........................idata...T.......V...4w.............@....didata...............w.............@....edata....... ........w.............@..@.tls.........0...........................rdata.......@........w.............@..@.reloc...#...P...$....w.............@..B.rsrc....R.......R....~.............@..@...................................@..@................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Arabic.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):146012
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.166168165529595
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:ypuFf3vlQwRIzyLVRHj1KJdG+uHH7/VyxTN+TvNV/af8JbRY73bAT4NNp2BdYHBu:yY6uTHGG+uHH7NylN+TvNV/af8JbRY7I
                                                                                                                                                                                                                                                                                      MD5:0F92A47746B73D7058A4BB209C147DD5
                                                                                                                                                                                                                                                                                      SHA1:57E5A7C24C6A3B72A00E1360C11A801B4E231DCE
                                                                                                                                                                                                                                                                                      SHA-256:8C1E6FF69775160BF9232438425A24A7DD0B6C6247371DC22EE9F4C37CF4C3FC
                                                                                                                                                                                                                                                                                      SHA-512:FA85426CF1D35E9A20DC48E1724AE61C0912460035FBE0256647DD3196414E773D1B06E47C75D8D204A0C221F93778E9DC4B15E972D9B59DADA66BAB1E981661
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.A.r.a.b.i.c...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.M.F.M. .D.a.w.d.e.h...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.l.a.l.a.l.o.g.i.t.e.c.h.@.h.o.t.m.a.i.l...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.a.r._.S.A...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.I.m.B.a.t.c.h. .'.1.3.D. .'.D.I...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.F.9.E...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.D.'...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.E.H.'.A.B...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.'.D.:.'.!. .'.D.'.E.1...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.'.:.D.'.B...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.D.'. .*.3.'.D.F.J. .+.'.F.J.)...D.e.f.L.a.n.g.N.a.m.e.=.(.'.A.*.1.'.6.J. .(.'.D.'.F.,.D.J.2.J.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.'.D.D.:.).:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.e.l.p. .u.s. .t.o. .u.p.d.a.t.e. .t.h.e. .t.r.a.n.s.l.a.t.i.o.n. .o.n. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=.'.3.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Catalan.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):151534
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.593397829802342
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:kxy8ki8u/y0tOa26RZmOUHl9Xp0EbLrrlt//clVaKSJDtNtNNppA/Rl0q+yM:blHPXp0EbLrrlt//clVaKSJDtNtNNpu2
                                                                                                                                                                                                                                                                                      MD5:8D71A8202434B9687C68409E95357BB7
                                                                                                                                                                                                                                                                                      SHA1:0EFACB289A7DB0F19E1F428B6A5639AE06933F44
                                                                                                                                                                                                                                                                                      SHA-256:2F0ADAFE5F190D066143D2369D20893913DEE6AF96D625A9F694F1A7ED92B6DD
                                                                                                                                                                                                                                                                                      SHA-512:DF982F9069A4E8C4FC7C8BD57D612D616973F75EEA0CF85FF406AF392E70F7C3938C1FE58925CCEBE1D460E4E1287C1DE504773997F8C83CFBE70AB06C95DA9B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.C.a.t.a.l... .(.C.a.t.a.l.a.n.)...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.c.a._.E.S...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.E.n.v.i.a.r. .a. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.S.i...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.o...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.A.c.c.e.p.t.a...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.C.a.n.c.e.l...l.a...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.T.a.n.c.a...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N.o. .m.'.h.o. .t.o.r.n.i.s. .a. .p.r.e.g.u.n.t.a.r...D.e.f.L.a.n.g.N.a.m.e.=.P.e.r. .d.e.f.e.c.t.e. .(.A.n.g.l...s.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.I.d.i.o.m.a.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.e.l.p. .u.s. .t.o. .u.p.d.a.t.e. .t.h.e. .t.r.a.n.s.l.a.t.i.o.n. .o.n. .

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Chinese Simplified.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):117764
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.405211564961335
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:+0ozGDYyIsIKXaT+HSrH4KfuN1j9jhYFSLb5/l9AnQ7/t8N8g5Exirqg+:OCHST4KfuN1j9jhYFSLb5/l9AnQ7/t80
                                                                                                                                                                                                                                                                                      MD5:C02AE012C6928D9413DB550FEABB8448
                                                                                                                                                                                                                                                                                      SHA1:087FC4EB112ADAE5CE7EDD20EB6CC7FD514C0977
                                                                                                                                                                                                                                                                                      SHA-256:2C38867132AABDC01A44DD41A230AC4886F1E4DED89873F6C6003BCC0B5612F2
                                                                                                                                                                                                                                                                                      SHA-512:AB876CAEE098D2938335108974FAEC1F3E98B3B3F4B94BA0CD335C255F6961EED443DB63FF8688389CBEAE94A08D04687F4A29AFE4AF2B138CA5B60E51707794
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=..{SO-N.e..T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.Y.a.n.J.u.n. .S.u.n. .&. .'Y<w.N~..e..A.n.a.n.....T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.w.c.x.u.2.1.@.1.2.6...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.z.h._.C.N...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=..S..0R .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=./f..D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.&T..D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.nx.[..D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=..S.m..D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.sQ...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=..N.Q....D.e.f.L.a.n.g.N.a.m.e.=......E.n.g.l.i.s.h.....L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=......L.a.n.g.u.a.g.e.......O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=..^.R.b.N.f.e .C.r.o.w.d.i.n...c.o.m. ..N.v.....I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=..V.P.T.y..I.m.a.g.e.T.y.p.e.L.a.b.e.l...C.a.p.t.i.o.n.=..V.P{|.W..I.m.a.g.e.P.a.t.h.L.a.b.e.l...C.a.p.t.i.o.n.=..n.e.N9Y..

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Dutch.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):156322
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.584505565254857
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:Mcx43f8giPiCystuzuv5vOajaP2G49gNH0SnCr0/3PPhZwwXLxmUoUl4vzIM6D23:SdOyHthjXQzIM6KK/gIAWhzKzXtdDNNz
                                                                                                                                                                                                                                                                                      MD5:EAC60B8269AC8506E7D82A5637EB8F3B
                                                                                                                                                                                                                                                                                      SHA1:884DF3551EFEDABC2A310BE1F67B37107BC30B49
                                                                                                                                                                                                                                                                                      SHA-256:7C072FAB880326703CD708D1E05BC23B7A283F50DCCC509B3755534E2818520B
                                                                                                                                                                                                                                                                                      SHA-512:B70AF546904AD69B1D2E8C75832E38033A215224B9DA2B2B5AE2E4A0A5070971D272E33B147DB4BF3F78B30795308729E97E1534EF6CA62B7D61C4DA21D19626
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.D.u.t.c.h...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.f.e.r...H.e.l.p.F.i.l.e.=.H.e.l.p.-.n.l._.N.L...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.T.o.e.v.o.e.g.e.n. .a.a.n. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.J.a...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.e.e...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.A.n.n.u.l.e.r.e.n...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.S.l.u.i.t.e.n...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.V.r.a.a.g. .m.e. .n.i.e.t. .w.e.e.r...D.e.f.L.a.n.g.N.a.m.e.=.S.t.a.n.d.a.a.r.d. .(.E.n.g.e.l.s.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.T.a.a.l.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.e.l.p. .u.s. .t.o. .u.p.d.a.t.e. .t.h.e. .t.r.a.n.s.l.a.t.i.o.n. .o.n. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=.A.f.b.e.e.l.d.i.n.g.s.n.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\English.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):156026
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.612283753716502
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:ijE8miOkFyotISw6Jp8OclF1lD8YbxhBBfXl1OfP4ogjTvPvPPZjgbNGan7l8qui:P9lnlD8UxhBBfXl1OfP4ogjTvPvPPZW9
                                                                                                                                                                                                                                                                                      MD5:0BBC2DA025CED1FD88DECA5374D42815
                                                                                                                                                                                                                                                                                      SHA1:65458F80127726BBB72CD2B7F816219EE3623A71
                                                                                                                                                                                                                                                                                      SHA-256:90358B347206EFB49CC210E41A4048CB45E23B83D96BE3BB3940B535882A1E93
                                                                                                                                                                                                                                                                                      SHA-512:D9DAC4D64972AE69C9C29B35FF32F4FD229EC6725E034F56E48B2F7045D74EE3ED1744ACC60DD80C2B035229242A35E0FDDD20E942B5A5355AC3F8252B6552FA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.].....L.a.n.g.u.a.g.e.N.a.m.e.=.E.n.g.l.i.s.h.....T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e.....T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m.....H.e.l.p.F.i.l.e.=.H.e.l.p.-.e.n._.E.n...t.x.t.........[.T.e.x.t.].....A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.S.e.n.d. .t.o. .I.m.B.a.t.c.h.....D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.Y.e.s.....D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.o.....D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K.....D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.C.a.n.c.e.l.....D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.C.l.o.s.e.....D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.D.o.n.'.t. .a.s.k. .m.e. .a.g.a.i.n.....D.e.f.L.a.n.g.N.a.m.e.=.D.e.f.a.u.l.t. .(.E.n.g.l.i.s.h.).....L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.L.a.n.g.u.a.g.e.:.....O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.e.l.p. .u.s. .t.o. .u.p.d.a.t.e. .t.h.e. .t.r.a.n.s.l.a.t.i.o.n. .o.n. .C.r.o.w.d.i.n...c.o.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Finnish.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):155088
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5982085063417686
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:i1y2Z+KnFiNzQZngtCmlSH/vYnE+pzw8COZFiF4rS5V/OsEjsbguRaexaNNpZ9pW:5gHonHzGOZ4F4rS5V/OsEjsbguRaexay
                                                                                                                                                                                                                                                                                      MD5:30AB148B18F0C51A789540A18AD025B4
                                                                                                                                                                                                                                                                                      SHA1:B3D7DFB61B0E7D045E885542FDD8BADFE1DF1166
                                                                                                                                                                                                                                                                                      SHA-256:B83D8BB2D170FBFDF626C7E3B01898E71F2B7017AB77BEE8E1153735250AF6A7
                                                                                                                                                                                                                                                                                      SHA-512:B4F64A4A3BDE246FB59F55350DF41276EC31B943DA37FB67069D464D96B5604FD9E98095D914ADEBBB60942D99C5AF4F9B14AC2D53B2337F3D2CCC226EFF09CA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.F.i.n.n.i.s.h...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.V.e.i.k.k.o.M...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.f.i._.F.I...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.L...h.e.t... .I.m.B.a.t.c.h.i.i.n...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.K.y.l.l.....D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.E.i...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.P.e.r.u.u.t.a...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.S.u.l.j.e...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=...l... .k.y.s.y. .e.n.......D.e.f.L.a.n.g.N.a.m.e.=.O.l.e.t.u.s. .(.E.n.g.l.i.s.h.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.K.i.e.l.i.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.e.l.p. .u.s. .t.o. .u.p.d.a.t.e. .t.h.e. .t.r.a.n.s.l.a.t.i.o.n. .o.n. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=.K.u.v.a.n. .n.i.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\French.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):161968
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5999091804710917
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:PlSaijiHMhVVXS2YHUbfGZ69Y3m3c3+ho2JBz4XKmfEl5Hd6ly1m7oVQVWXSMLtp:ZZHmmfEjd6ly1m7oVQVWXSMLt3hcMkxA
                                                                                                                                                                                                                                                                                      MD5:C7E6CCC1612366A036D59CDF34C10E7F
                                                                                                                                                                                                                                                                                      SHA1:8020971717B076D0FF3811CDE5944AB975DB8453
                                                                                                                                                                                                                                                                                      SHA-256:2857F5304A5FE414FED8DE1DC50048F509B53191D9078A3B816493009F76120F
                                                                                                                                                                                                                                                                                      SHA-512:9F687B7F2AB5A7A3B2017F81AAF1C7F923D97064AD9A9573C86C0E36CC61671754A0DE487CBD015F247271B28BC181389278BE7F78C940DD8D427D975EDEE189
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.F.r.e.n.c.h...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.f.r._.F.R...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.E.n.v.o.y.e.r. ... .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.O.u.i...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.o.n...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.A.n.n.u.l.e.r...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.F.e.r.m.e.r...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N.e. .m.e. .d.e.m.a.n.d.e.z. .p.a.s. .d.e. .n.o.u.v.e.a.u...D.e.f.L.a.n.g.N.a.m.e.=.F.r.a.n...a.i.s...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.L.a.n.g.u.e.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.C.o.n.t.r.i.b.u.e.z. ... .a.m...l.i.o.r.e.r. .l.a. .t.r.a.d.u.c.t.i.o.n. .d.e. .c.e. .l.o.g.i.c.i.e.l. .s.u.r. .C.r.o.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\German.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):160502
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6116266617393156
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:DEXEmSChQyRLVjPTtjUO4QAPCsym5U7uC2+0L+VGH+OLwKPg8ewWK16nytcbdGQO:CsHc8XWxdGQWI8JOcHKpe3GZtSZNNpYq
                                                                                                                                                                                                                                                                                      MD5:F06119A616EEBF5086C91E891A84B367
                                                                                                                                                                                                                                                                                      SHA1:346A7A503305932F020C45A9F1B51CDD2BBD8C21
                                                                                                                                                                                                                                                                                      SHA-256:A9B7E37B4E1A6A0ABEDC0B3EB07D9540723BF5F370B56A333DC6E23EBEBD9D6A
                                                                                                                                                                                                                                                                                      SHA-512:E41816F94B61654739CB31B369E24541B54EB311C8A391952E8E6F7F5DAFF282CB7F8A0DB070A295C92E230801924CAF3EF3538C904D077D7262B651C664A276
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.G.e.r.m.a.n. .(.D.e.u.t.s.c.h.)...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.(.e.h.e.m... .B.e.a.t. .P... .T.r.u.f.f.e.r.).,. .(.A.n.o.n.y.m.o.u.s. .(.u.p.d.a.t.e.d. .M.a.r.c.h. .2.0.2.1.).)...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.(.b.e.a.t...t.r.u.f.f.e.r.@.g.m.x...c.h.).,. .(.-.-.-.)...H.e.l.p.F.i.l.e.=.H.e.l.p.-.d.e._.D.E...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.A.n. .I.m.B.a.t.c.h. .s.e.n.d.e.n...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.J.a...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.e.i.n...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.A.b.b.r.e.c.h.e.n...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.S.c.h.l.i.e...e.n...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.M.i.c.h. .n.i.c.h.t. .w.i.e.d.e.r. .f.r.a.g.e.n...D.e.f.L.a.n.g.N.a.m.e.=.D.e.u.t.s.c.h...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.S.p.r.a.c.h.e. .(.L.a.n.g.u.a.g.e.).:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.i.l.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Greek.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):152060
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.7178239011866587
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:c39uheZzrwtO0m6kZmOUHl9Xp0EbLrrlt//clVaKSJDtNtNNppA/Rl0q+yM:s8lHPXp0EbLrrlt//clVaKSJDtNtNNpp
                                                                                                                                                                                                                                                                                      MD5:256AE2752886922E9FA1E44361B48F45
                                                                                                                                                                                                                                                                                      SHA1:1CCE116EB23D4BF65589441F887A4AF2B10925A8
                                                                                                                                                                                                                                                                                      SHA-256:F8356B94782133850C86DA33B79B824286356D00288B5410750A05CA8ACBE147
                                                                                                                                                                                                                                                                                      SHA-512:155D842ECB693D459107A03E26B32EB59257AE4D33942FED8435ED0FD939F42E6F007198DDF15A11CCA1B3770FEF028F34FEC67BA211D02C8694B90CB26E2E4B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=................. .(.G.r.e.e.k.)...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.e.l._.G.R...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=................. ....... .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.........D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.........D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.................D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.............D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=...................D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=..... ....... ............... ...........D.e.f.L.a.n.g.N.a.m.e.=..................... .(...............)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.............:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=................. ....... ..... ......................... ..... ...............

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-ar_SA.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-ca_ES.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-de_DE.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):169194
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.417309764447504
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:aWNYhFMDvTNjs8Gcbz8Sd06+4ljnAf+nSoMWIBXBHEtHiGYKj+Ie+I62zfXXRI5W:J1jnAy+Ie+ghI5N+YTbLqF
                                                                                                                                                                                                                                                                                      MD5:53F7FA50134F4A2F3213BB9FB86C2E43
                                                                                                                                                                                                                                                                                      SHA1:B36DDF40D9631638D3CB200912FEFB3D42D4E976
                                                                                                                                                                                                                                                                                      SHA-256:F0FA4B392CBE3E450CFAB24A36947AF7B7D5717A0CCF20B6C6A819AD39587026
                                                                                                                                                                                                                                                                                      SHA-512:D8E1C9781C9D10E44C2B67EC2FE4AA19B0C635A7E234345570C334EA4E1D93042B4D473C292489FB533D2406E2E01D205C57D04643B692715F3C53715BCD722B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.F...g.t. .d.e.m. .B.i.l.d. .e.i.n.e. .e.x.t.r.a. .D.i.m.e.n.s.i.o.n. .h.i.n.z.u.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.i.e.r.t. .d.i.e. .B.r.e.i.t.e. .d.e.s. .L.i.m.i.t.i.e.r.u.n.g.s.r.a.h.m.e.n.s.,. .o.h.n.e. .S.p.i.e.g.e.l.b.i.l.d... .D.a.s. .r.e.s.u.l.t.i.e.r.e.n.d.e. .B.i.l.d. .p.a.s.s.t. .i.n. .d.i.e. .B.r.e.i.t.e. .(.o.h.n.e. .D.e.h.n.u.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-el_GR.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-en_EN.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):170006
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.426215135068183
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:/UE7MjTtrEMBcbp84d06U4KpnAgEVDIkEIj/LPU9Hi8KgxUQk+TbACbfXfT+R92v:nQpnAGEQk+hb+RfzqrTqu
                                                                                                                                                                                                                                                                                      MD5:52EDAFEF060C7A0632E68548350D3519
                                                                                                                                                                                                                                                                                      SHA1:0993D3D97F1AC4E226B0DE88D41C775B228D4E9B
                                                                                                                                                                                                                                                                                      SHA-256:EE01F21D8A2809C3D56DFDE95B37131959271BF3926F98B415E62656DFFEA657
                                                                                                                                                                                                                                                                                      SHA-512:ED7AB0F81F315766357E94ED6ACDF82D3FEBA2A6AFF79993DB637A6A4F06F33DF71A5CC37C3B1E0D401E5809F2A9D8D080B3F3D4170F06E4FCEA8A787BDE57DA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.].....T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.......T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).......T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.......T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.......T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-es_ES.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-fi_FI.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1683), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):163640
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.4643220859857466
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:tId+7qlkNIZuhkdp59DXKtsL1g7j76i+AbfxpVQq9jiPPc08xOIHL20iN8vm5DZb:tIFF2jlMiwqW
                                                                                                                                                                                                                                                                                      MD5:797C3C3680AB78677015A18EAEFEB6B9
                                                                                                                                                                                                                                                                                      SHA1:2AE1CD00C31422D42298A22A6F7A17DB20C4F75A
                                                                                                                                                                                                                                                                                      SHA-256:977CB0D3C6E762C2577370F35680273F889D105B4DEA56729EF6BE44B1D4DBE3
                                                                                                                                                                                                                                                                                      SHA-512:BFD4743B5F37ECAE858AD017159941CE29BB8D0F6A7D2FF0768F88385F6F2D77224A629C148AB8E2E3F28B1DF73B91FBBAEEB929E71776F877EA647A606197CB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.L.i.s..... .y.l.i.m.....r...i.s.e.n. .u.l.o.t.t.u.v.u.u.d.e.n. .k.u.v.a.a.n.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.M.....r.i.t.t..... .r.a.j.a.u.s.k.e.h.y.k.s.e.n. .l.e.v.e.y.d.e.n.,. .e.i. .p.e.i.l.i.k.u.v.a.a... .T.u.l.o.k.s.e.n.a. .o.l.e.v.a. .k.u.v.a. .s.o.p.i.i. .l.e.v.e.y.d.e.l.l.e. .(.v.e.n.y.t.t...m...t.t...).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.M.....r.i.t.t..... .r.a.j.a.u.s.k.e.h.y.k.s.e.n. .k.o.r.k.e.u.d.e.n.,. .e.i. .p.e.i.l.i.k.u.v.a.a... .T.u.l.o.k.s.e.n.a. .o.l.e.v.a. .k.u.v.a. .s.o.v.e.l.t.u.u. .(.v.e.n.y.t.t...m...t.t...). .k.o.r.k.e.u.t.t.a.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.M.....r.i.t.t..... .y.l.i.m.....r...i.s.e.n. .t.i.l.a.n. .k.o.o.n. .k.u.v.a.n. .y.l...p.u.o.l.e.l.l.a.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.M.....r.i.t.t..... .k.u.v.a.n. .a.l.a.p.u.o.l.e.l.l.a. .o.l.e.v.a.n. .l.i.s...t.i.l.a.n.....T.a.s.k.3.D.I.m.a.g.e.L.e.f.t.M.a.r.g.i.n.H.e.l.p.=.M.....r.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-fr_FR.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1711), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):182368
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.4250587097222382
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:gLW/DyxXMgOS1SLxlojeWahTM1GgKXE8QfLagcyMshhImjOzeLgMIFI06rDG7ia1:TLYkLxOjeWqEsQhmzM+cyYFS
                                                                                                                                                                                                                                                                                      MD5:1A444F16866C3AA1916760DFD4A77E4C
                                                                                                                                                                                                                                                                                      SHA1:50869337A75BABD2127D71ABC7168AC1E0F96118
                                                                                                                                                                                                                                                                                      SHA-256:F612FD7984EAE9D1F53195F5A5534A5835C147DB01B84B963D72789479F0BEC0
                                                                                                                                                                                                                                                                                      SHA-512:00F300A669E420B7B0AE19D9E03261381A04C1C002671A45666D9CF4A9B83D9577A24ECDA1AF8797DAEBB3EEF54CDC68C37C18F93A2E42CC5DDFFEB22B5A8557
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.j.o.u.t.e. .u.n.e. .d.i.m.e.n.s.i.o.n. .s.u.p.p.l...m.e.n.t.a.i.r.e. ... .l.'.i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D...f.i.n.i.t. .l.a. .l.a.r.g.e.u.r. .d.u. .c.a.d.r.e. .d.e. .l.i.m.i.t.a.t.i.o.n.,. ... .l.'.e.x.c.l.u.s.i.o.n. .d.e. .l.'.i.m.a.g.e. .m.i.r.o.i.r... .L.'.i.m.a.g.e. .r...s.u.l.t.a.n.t.e. .s.e.r.a. .f.o.n.c.t.i.o.n. .d.e. .l.a. .l.a.r.g.e.u.r. .(.s.a.n.s. ...t.i.r.e.m.e.n.t.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D...f.i.n.i.t. .l.a. .h.a.u.t.e.u.r. .d.u. .c.a.d.r.e. .d.e. .l.i.m.i.t.a.t.i.o.n.,. ... .l.'.e.x.c.l.u.s.i.o.n. .d.e. .l.'.i.m.a.g.e. .m.i.r.o.i.r... .L.'.i.m.a.g.e. .r...s.u.l.t.a.n.t.e. .s.e.r.a. .f.o.n.c.t.i.o.n. .d.e. .l.a. .h.a.u.t.e.u.r. .(.s.a.n.s. ...t.i.r.e.m.e.n.t.).....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D...f.i.n.i.t. .l.a. .t.a.i.l.l.e. .d.e. .l.'.e.s.p.a.c.e. .s.u.p.p.l...m.e.n.t.a.i.r.e. .a.u.-.d.e.s.s.u.s. .d.e. .l.'.i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-hu_HU.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-it_IT.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1957), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):182352
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.38575047811943
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:23xzM3O0UFs6XyjoOZoudZQ0OiZBtAwsQdrSrhi5gTK8hgMEfIjmE0Watc4LoGxl:23xsVfoJ9i5DhiMAxgx0ZJGTDmyDuXPg
                                                                                                                                                                                                                                                                                      MD5:FB0296B08215747D3569505111047E5D
                                                                                                                                                                                                                                                                                      SHA1:19BE38FBBC0B0EE2B1D150AEDF8C16633544022A
                                                                                                                                                                                                                                                                                      SHA-256:DB08DD6C1063A37EB58D2415EF07FF4E911FF0CA84B4A0DD81F2F1A891F08746
                                                                                                                                                                                                                                                                                      SHA-512:8153DC3041DD50C5E919B405AC66E597F893A58BEBA86A6AED9811FF02F2637114439957448DEE183EE9F45B3FA564C05C8E910C746FF4385F99104CE355E251
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.g.g.i.u.n.g.i. .u.n.a. .n.u.o.v.a. .d.i.m.e.n.s.i.o.n.e. .a.l.l.'.i.m.m.a.g.i.n.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.i.s.c.e. .l.a. .l.a.r.g.h.e.z.z.a. .d.e.l. .f.r.a.m.e.,. .n.o.n. .i.n.c.l.u.d.e. .i.m.m.a.g.i.n.e. .s.p.e.c.c.h.i.o... .L.'.i.m.m.a.g.i.n.e. .s.i. .a.d.a.t.t.e.r... .a.l.l.a. .l.a.r.g.h.e.z.z.a. .(.s.e.n.z.a. .d.e.f.o.r.m.a.r.e.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.i.s.c.e. .l.'.a.l.t.e.z.z.a. .d.e.l. .f.r.a.m.e.,. .n.o.n. .i.n.c.l.u.d.e. .i.m.m.a.g.i.n.e. .s.p.e.c.c.h.i.o... .L.'.i.m.m.a.g.i.n.e. .s.i. .a.d.a.t.t.e.r... .a.l.l.'.a.l.t.e.z.z.a. .(.s.e.n.z.a. .d.e.f.o.r.m.a.r.e.).....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.i.s.c.e. .l.a. .d.i.m.e.n.s.i.o.n.e. .e.x.t.r.a. .d.e.l.l.o. .s.p.a.z.i.o. .s.o.p.r.a. .l.'.i.m.m.a.g.i.n.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.i.s.c.e. .l.a. .d.i.m.e.n.s.i.o.n.e. .e.x.t.r.a. .d.e.l.l.o. .s.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-ja_JP.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-ko_KR.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (951), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):125384
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.641253615931881
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:RimMNNRLzg4C400jQrIi3AqsFC0S+zr1paHMRI+9wxrmV15/LSGQczcHlNJo9/dP:85LwqqsFu+zI8EmkqF
                                                                                                                                                                                                                                                                                      MD5:A8B7CB63C1F3D25FB071A63F17647035
                                                                                                                                                                                                                                                                                      SHA1:DE229B7C4766970F7D9A49463C0C3C7065366D0A
                                                                                                                                                                                                                                                                                      SHA-256:4579C648D226ECB4D0BB40B7CEC80E07B8E9AAD2A9CA3387992E5FF0EFC5C98A
                                                                                                                                                                                                                                                                                      SHA-512:B9DEC1F35B4AD1F4B5D1CE6C369F836C3FF3792A16E65C1B84981E2ABA094DF76847AF29AB766A5E4B19D2352360CBB07DFB8D58D09B4B0CCC769A6500F06EC4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.t....... .X...|. .....i.......T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.... .t....... .D.. ...\. .......X. ...D.|. ...X.i..... ..... .t....... ...D... ..D. ....... .(....... .J.L.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.... .t.....|. ...x.\. ...\. .......X. ...t.|. ...X.i..... ..... .t....... ...t... ..D. ...........T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.t..... ..... .... .....X. .l.0.|. ...X.i.......T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.t..... .D..X. ..... ..... .l.0.|. ...X.i.......T.a.s.k.3.D.I.m.a.g.e.L.e.f.t.M.a.r.g.i.n.H.e.l.p.=.t.....X. .|.... ....X. .....D. ...X.i.......T.a.s.k.3.D.I.m.a.g.e.R.i.g.h.t.M.a.r.g.i.n.H.e.l.p.=.t.....X. .$.x..... ....X. .....D. ...X.i.......T.a.s.k.3.D.I.m.a.g.e.A.n.g.l.e.H.e.l.p.=......D. .0...<.\. .3.D. ......... .t.....|. ........0...\. ....|. ...X.i.......T.a.s.k.3.D.I.m.a.g.e.D.e.p.t.h.H.e.l.p.=.<... ....|. ...X.i.......T.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-nl_NL.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-pl_PL.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-pt_BR.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1817), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):173222
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.439930700902469
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:Z2r2jeGtPnEelamZsQCG3TTch9XN1t1kUTql2ryIHIT3N2rGpX/lLqF:krSvsQCGghHIT1LW
                                                                                                                                                                                                                                                                                      MD5:917F8742771EEF04BE52A7933228F459
                                                                                                                                                                                                                                                                                      SHA1:A1C503819872B9FBF8C98F57D05681E18293A859
                                                                                                                                                                                                                                                                                      SHA-256:C393934680217A35B98A3B5225821D7FEC0C3B30FF743C3F9C25595D4312B400
                                                                                                                                                                                                                                                                                      SHA-512:82F4682C0B8DB364BA8EFBDF2D5D3715855BE54029584D7ABEBFF117D6DDB43BA5797CC67D2D1D4CDC8A2D32D02A1E6E1448329D428FCC5C50BF94F1EEDB63E0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.c.r.e.s.c.e.n.t.a. .u.m.a. .n.o.v.a. .d.i.m.e.n.s...o. ... .i.m.a.g.e.m.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e. .a. .l.a.r.g.u.r.a. .d.o. .q.u.a.d.r.o. .l.i.m.i.t.a.n.t.e.,. .s.e.m. .c.o.n.s.i.d.e.r.a.r. .a. .i.m.a.g.e.m. .e.s.p.e.l.h.a.d.a. .A. .i.m.a.g.e.m. .r.e.s.u.l.t.a.n.t.e. .o.c.u.p.a.r... .t.o.d.a. .l.a.r.g.u.r.a. .(.s.e.m. .e.s.t.i.c.a.r.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e. .a. .a.l.t.u.r.a. .d.o. .q.u.a.d.r.o. .l.i.m.i.t.a.n.t.e.,. .s.e.m. .c.o.n.s.i.d.e.r.a.r. .a. .i.m.a.g.e.m. .e.s.p.e.l.h.a.d.a... .A. .i.m.a.g.e.m. .r.e.s.u.l.t.a.n.t.e. .o.c.u.p.a.r... .t.o.d.a. .a.l.t.u.r.a. .(.s.e.m. .e.s.t.i.c.a.r.).....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e. .o. .t.a.m.a.n.h.o. .d.o. .e.s.p.a...o. .e.x.t.r.a. .a.c.i.m.a. .d.a. .i.m.a.g.e.m.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e. .o. .t.a.m.a.n.h.o. .d.o. .e.s.p.a...o. .e.x.t.r.a. .a.b.a.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-pt_PT.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1746), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):171812
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.4387341821225235
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:lQpFSbOvS0rI3rk6eGGSeQx9Dh8QvGdEe+rYjZHrRI5mQ3gSSYZhd5:C7FII6eGGeCI5xwGhb
                                                                                                                                                                                                                                                                                      MD5:292CBC727EC1C20AF28E94D0235FF0C6
                                                                                                                                                                                                                                                                                      SHA1:FD8EF4B928EF63AFBC9B7D3D0AF40FD148BB3CB1
                                                                                                                                                                                                                                                                                      SHA-256:E8F9CF6664345BB4216571587B1FA751A27774D4F834D537F41B400DC0E1AA37
                                                                                                                                                                                                                                                                                      SHA-512:3DE93BA35C47C580AAD4010657FA59FDDBA84DCE7D124218C0BFE4B129093FD1B162B95BA9FD6D42916471D7F6D4B3535C767D8D868930A6FDA52B0147A6ADA6
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.i.c.i.o.n.a. .u.m.a. .d.i.m.e.n.s...o. .e.x.t.r.a. ... .i.m.a.g.e.m.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e. .a. .l.a.r.g.u.r.a. .d.o. .l.i.m.i.t.e.,. .n...o. .i.n.c.l.u.i.n.d.o. .a. .i.m.a.g.e.m. .e.s.p.e.l.h.a.d.a... .A. .i.m.a.g.e.m. .r.e.s.u.l.t.a.n.t.e. .e.n.c.a.i.x.a.r.-.s.e.-... .n.a. .l.a.r.g.u.r.a. .(.s.e.m. .a.l.o.n.g.a.m.e.n.t.o.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e. .a. .l.a.r.g.u.r.a. .d.o. .l.i.m.i.t.e.,. .n...o. .i.n.c.l.u.i.n.d.o. .a. .i.m.a.g.e.m. .e.s.p.e.l.h.a.d.a... .A. .i.m.a.g.e.m. .r.e.s.u.l.t.a.n.t.e. .e.n.c.a.i.x.a.r.-.s.e.-... .n.a. .a.l.t.u.r.a. .(.s.e.m. .a.l.o.n.g.a.m.e.n.t.o.).....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e. .o. .t.a.m.a.n.h.o. .d.o. .e.s.p.a...o. .e.x.t.r.a. .a.c.i.m.a. .d.a. .i.m.a.g.e.m.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e. .o. .t.a.m.a.n.h.o. .d.o. .e.s.p.a...o. .e.x.t.r.a. .a.b.a.i.x.o. .d.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-ru_RU.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1640), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):178348
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.1138819714129555
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:Y69PntzuSSnSE/OFWXCU8FFWnFj4kqexgDapEh7YeYPwx:XsSSnSE/CWXmEFj4kqugDapEh7Yevx
                                                                                                                                                                                                                                                                                      MD5:9291CA4C1942764FEA0F3820A8418D7B
                                                                                                                                                                                                                                                                                      SHA1:6A03033522CFAD139CCB105C28686206571EEC35
                                                                                                                                                                                                                                                                                      SHA-256:2F1C1F3231AB3682859DA6032C082E6AA979343506EE0E476D999971C811AF5B
                                                                                                                                                                                                                                                                                      SHA-512:39DDEDFFAE904780ECD716028BA6B5EB6FF17546A18077E3FAA6CDF9E609F327AAA46426384201E2F177A9DE562064A60F2340FA9C1771B11C65DD11754EA257
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=...>.1.0.2.;.O.5.B. .?.5.@.A.?.5.:.B.8.2.C. .8.7.>.1.@.0.6.5.=.8.N.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=...0.4.0.5.B. .H.8.@.8.=.C. .>.3.@.0.=.8.G.8.B.5.;.L.=.>.9. .@.0.<.:.8.,. .=.5. .2.:.;.N.G.0.O. .7.5.@.:.0.;.L.=.>.5. .>.B.@.0.6.5.=.8.5... .<.b.r.>...7.>.1.@.0.6.5.=.8.5.,. .?.>.;.C.G.5.=.=.>.5. .2. .@.5.7.C.;.L.B.0.B.5.,. .1.C.4.5.B. .0.4.0.?.B.8.@.>.2.0.=.>. .(.=.>. .=.5. .@.0.A.B.O.=.C.B.>.). .<.b.r.>.:. .4.0.=.=.>.9. .H.8.@.8.=.5.....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=...0.4.0.5.B. .2.K.A.>.B.C. .>.3.@.0.=.8.G.8.B.5.;.L.=.>.9. .@.0.<.:.8.,. .=.5. .2.:.;.N.G.0.O. .7.5.@.:.0.;.L.=.>.5. .>.B.@.0.6.5.=.8.5... .<.b.r.>...7.>.1.@.0.6.5.=.8.5.,. .?.>.;.C.G.5.=.=.>.5. .2. .@.5.7.C.;.L.B.0.B.5.,. .1.C.4.5.B. .0.4.0.?.B.8.@.>.2.0.=.>. .(.=.>. .=.5. .@.0.A.B.O.=.C.B.>.). .<.b.r.>.:. .4.0.=.=.>.9. .2.K.A.>.B.5.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=...0.4.0.5.B. .@.0.7.<.5.@. .4.>.?.>.;.=.8.B.5.;.L.=.>.3.>. .?.@.>.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-sv_SE.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1434), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):163412
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.456795145877069
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:Sr/3b8CN7jQJHo1WDDPwZh62hI5fjYZLqF:Sr/L8CN7jKHo1WDDPwZh6OI5fjGLW
                                                                                                                                                                                                                                                                                      MD5:21DCA296AD98619FD99BEE42A06468CB
                                                                                                                                                                                                                                                                                      SHA1:5F3B732E1936E9B308E27E092F163DBF738B9617
                                                                                                                                                                                                                                                                                      SHA-256:158C22B401E7F6D9042027FBF2F274C6409527A7259B9E428B75E9087909D88A
                                                                                                                                                                                                                                                                                      SHA-512:878DB0B2BB0F8206CC625D4664A8E219FCEDE537A46F3284FA5874D2E09C0622446C1C3CAD358DB887664A706DA1DBC865E407BD7DDB4C507F4829E3B6CFF808
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.L...g.g.e.r. .t.i.l.l. .e.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.i.l.l. .b.i.l.d.e.n.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.A.n.g.e.r. .b.r.e.d.d.e.n. .p... .b.i.l.d.r.u.t.a.n.,. .e.x.k.l.u.s.i.v.e. .s.p.e.g.e.l.b.i.l.d... .D.e.n. .f...r.d.i.g.a. .b.i.l.d.e.n. .a.n.p.a.s.s.a.s. .t.i.l.l. .d.e.n.n.a. .b.r.e.d.d. .(.u.t.a.n. .a.t.t. .s.t.r...c.k.a.s. .u.t.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.A.n.g.e.r. .h...j.d.e.n. .p... .b.i.l.d.r.u.t.a.n.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .e.x.k.l.u.s.i.v.e. .s.p.e.g.e.l.b.i.l.d... .D.e.n. .f...r.d.i.g.a. .b.i.l.d.e.n. .a.n.p.a.s.s.a.s. .t.i.l.l. .d.e.n.n.a. .h...j.d. .(.u.t.a.n. .a.t.t. .s.t.r...c.k.a.s. .u.t.).....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.A.n.g.e.r. .s.t.o.r.l.e.k.e.n. .p... .e.x.t.r.a. .m.a.r.g.i.n.a.l.u.t.r.y.m.m.e. .i. ...v.e.r.k.a.n.t. .p... .b.i.l.d.e.n.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.A.n.g.e.r.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-uk_UA.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1641), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):173862
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.162050770191868
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:buQbqLb7wY/6inhiJMKWObw6NsquWenDpht7wafuyHeHTrfrRRr0z:bTbqLb7wY/6hcWenDpht7waCHTrrRCz
                                                                                                                                                                                                                                                                                      MD5:1760B5B0980F938BEA581761FAB45BFA
                                                                                                                                                                                                                                                                                      SHA1:2771D39C6160FD069203694E545F520ACA69016B
                                                                                                                                                                                                                                                                                      SHA-256:F4D2EA6BED93E2183945E60749CE4F19C7EC145C766931F9406049935853C2BE
                                                                                                                                                                                                                                                                                      SHA-512:5DCDB671852C3E6AB55C917880B1B507D700CBDDD5E567E583BDEC2866C12F1DCF5EBAEE5B53804CBCBC17445A9CD1AF20B9BEF65198BCB29C8CFAE370575526
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=...>.4.0.T. .?.5.@.A.?.5.:.B.8.2.C. .7.>.1.@.0.6.5.=.=.V.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=...0.4.0.T. .H.8.@.8.=.C. .>.1.<.5.6.C.2.0.;.L.=.>.W. .@.0.<.:.8.,. .=.5. .2.:.;.N.G.0.N.G.8. .4.7.5.@.:.0.;.L.=.5. .2.V.4.>.1.@.0.6.5.=.=.O... .<.b.r.>...>.1.@.0.6.5.=.=.O.,. .>.B.@.8.<.0.=.5. .2. .@.5.7.C.;.L.B.0.B.V.,. .1.C.4.5. .0.4.0.?.B.>.2.0.=.>. .(.0.;.5. .=.5. .@.>.7.B.O.3.=.C.B.>.). .<.b.r.>.4.>. .4.0.=.>.W. .H.8.@.8.=.8.....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=...0.4.0.T. .2.8.A.>.B.C. .>.1.<.5.6.C.2.0.;.L.=.>.W. .@.0.<.:.8.,. .=.5. .2.:.;.N.G.0.N.G.8. .4.7.5.@.:.0.;.L.=.5. .2.V.4.>.1.@.0.6.5.=.=.O... .<.b.r.>...>.1.@.0.6.5.=.=.O.,. .>.B.@.8.<.0.=.5. .2. .@.5.7.C.;.L.B.0.B.V.,. .1.C.4.5. .0.4.0.?.B.>.2.0.=.>. .(.0.;.5. .=.5. .@.>.7.B.O.3.=.C.B.>.). .<.b.r.>.4.>. .4.0.=.>.W. .2.8.A.>.B.8.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=...0.4.0.T. .@.>.7.<.V.@. .4.>.4.0.B.:.>.2.>.3.>. .?.@.>.A.B.>.@.C. .7.2.5.@.E.C. .7.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Help-zh_CN.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (778), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):76582
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.804221361129128
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:TZMhztLQVB1dRj3WXVCaSKyIXNhvdQxKnXo2Cimkvsydgo3WMEg+pdOFtqd:TUL4Pj3WXVPHyIbvdQxKnXoSO
                                                                                                                                                                                                                                                                                      MD5:E8B319C9BB9F0AAAFF40259B5AA411BB
                                                                                                                                                                                                                                                                                      SHA1:B52F06A95F76DB4430D9C3EBED462713E79875EB
                                                                                                                                                                                                                                                                                      SHA-256:129ABDE61BF655411A510ADCC9C1CFE0157D7E0BC16819FF53A0EA927D50F604
                                                                                                                                                                                                                                                                                      SHA-512:7E6FF456433426069D937E948735849034C0C72ADDC89611AFFEBDCAD5AC0EC111F4A99392CDBDF132BB7E698E9CC7404A054DC39C48C56C91B203B130C27F20
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.:N.V.P.m.R...Y.v:\.[.0..T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=..[INP.6R'^.v.[.^...N.S.b\..P.0.u.b.v.V.P.\...T.[.^...N.b8O...0..T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=..[INP.6RFh.v..^...N.S.b\..P.0.u.b.v.V.P.\...T...e...b8O....^.0..T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=..[IN.V.P.N.e.YYOzz...v'Y.\.0..T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=..[IN.V.P.N.e.YYOzz...v'Y.\.0..T.a.s.k.3.D.I.m.a.g.e.L.e.f.t.M.a.r.g.i.n.H.e.l.p.=.(W.V.P.].O.[IN...Y.vzz...0..T.a.s.k.3.D.I.m.a.g.e.R.i.g.h.t.M.a.r.g.i.n.H.e.l.p.=.(W.V.P.S.O.[IN...Y.vzz...0..T.a.s.k.3.D.I.m.a.g.e.A.n.g.l.e.H.e.l.p.=..[IN.v.[.N.W.vt..el. .3.D. .zz..-N.V.P.v..^.0..T.a.s.k.3.D.I.m.a.g.e.D.e.p.t.h.H.e.l.p.=..[INof.m.0..T.a.s.k.3.D.I.m.a.g.e.U.p.D.o.w.n.P.o.s.H.e.l.p.=..[IN.V.P.v.W.vMOn..0..T.a.s.k.3.D.I.m.a.g.e.S.h.o.w.R.e.f.l.e.c.t.i.o.n.H.e.l.p.=..Y.g..-Ndk..y....\.R.^.N*NJS...f.V.P.0..T.a.s.k.3.D.I.m.a.g.e.R.e.f.l.e.c.t.i.o.n.S.t.a.r.t.H.e.l.p.=..[IN.N

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Hungarian.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):152784
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.666595801412355
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:Ai/ImojtjOjvTguu88KIUHzhwAHYG8zUXbaNLV5tMCTIN/zclVaKSIoaeqSNNpep:hTHWUXbaX5tMCTIN/zclVaKSIoaeqSNS
                                                                                                                                                                                                                                                                                      MD5:6C489702B2C5D8630BFA1B6D4476737D
                                                                                                                                                                                                                                                                                      SHA1:F6FD853665A385EB7314B4FF608718FC17BFA4C8
                                                                                                                                                                                                                                                                                      SHA-256:3F50F7E76A17816AA4CA9F01D2AA397BAAD8AAE22EEE076D5ED622DBB71053C4
                                                                                                                                                                                                                                                                                      SHA-512:59F3B0177AF5A435294506F91CA03AD269E1D076EDAEE9DC8CEB759A0B4870FB49F749FCC9090C4B35E55F25B8DB91DA4B26DF4B74100167F73154616C10D916
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.M.a.g.y.a.r...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.h.u._.H.U...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.K...l.d...s. .a.z. .I.m.B.a.t.c.h. .-.h.o.z...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.I.g.e.n...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.e.m...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.R.e.n.d.b.e.n...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.M...g.s.e.m...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.B.e.z...r...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N.e. .k...r.d.e.z.d. .m...g.e.g.y.s.z.e.r...D.e.f.L.a.n.g.N.a.m.e.=.A.l.a.p. .(.a.n.g.o.l.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.N.y.e.l.v.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.S.e.g...t.s. .n.e.k...n.k. .a. .C.r.o.w.d.i.n...c.o.m. .-.o.n. .a. .f.o.r.d...t...s.b.a.n...I.m.a.g.e.N.a.m.e.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Italian.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):159994
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5637735612442523
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:YoSoPenQqwWxbUDcSCpi/S3Izz2a2vHibOG1ePBAh3rzSddL4OPM7gvogo5daeQV:dnKHkePBABrzSddL4OPM7gvogo5daeQV
                                                                                                                                                                                                                                                                                      MD5:BDF3E1545747D4C0DB67E307316B9B6D
                                                                                                                                                                                                                                                                                      SHA1:8443962CB3E082F5C5021ADCDD015B602B42CA70
                                                                                                                                                                                                                                                                                      SHA-256:93EFD74DD83257E290226DBA1FED416DC5CBBEFC0E5130A93DDF835B6D7061BB
                                                                                                                                                                                                                                                                                      SHA-512:D2756D217F9752072765A45BCFA1B1AEAF7F0193A044BCD3E7FC33FD621E1AD935A8D3F337E4E1D24215EAEA48C808B48D6A5402DCD4CF37A6E062E3F1C1FF31
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.I.t.a.l.i.a.n...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.i.t._.I.T...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.I.n.v.i.a. .a. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.S.i...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.o...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.A.n.n.u.l.l.a...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.C.h.i.u.d.i...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N.o.n. .c.h.i.e.d.e.r.l.o. .p.i.....D.e.f.L.a.n.g.N.a.m.e.=.P.r.e.d.e.f.i.n.i.t.o. .(.E.n.g.l.i.s.h.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.L.i.n.g.u.a.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.A.i.u.t.a.c.i. .a.d. .a.g.g.i.o.r.n.a.r.e. .l.a. .t.r.a.d.u.z.i.o.n.e. .s.u. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Japanese.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):126652
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.510487197363285
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:sYcFYtKz2ctsxbHv0cX9lFxzTSTJJPr8VWXCDpx6uAiYo68H2Z2rqwzf9:S+hHvrX9ljzTSTJJPr8VWXCDpx6uAiYu
                                                                                                                                                                                                                                                                                      MD5:DBF9CD4738BC1BEF4E7151634A4F937B
                                                                                                                                                                                                                                                                                      SHA1:0CBBCDFBDFE689D224E897E5CDA7FDDBAC728396
                                                                                                                                                                                                                                                                                      SHA-256:FD54F6B816E26ACA9BD6CD6614B38469238EC05828A66E1684081E21078E826B
                                                                                                                                                                                                                                                                                      SHA-512:DBCE02E6D134CC15C10E642488883172D2328623B1204DBE7C53B098CF522D2C72FB44B1347DBC962FB7E0164D26510A59E1A6228E8650B28934D8FAA2373C74
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=..e,g.. .(.J.a.p.a.n.e.s.e.)...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.D.o.n.k.i.c.h.i.r.o.u...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.d.o.n.k.i.c.h.i.r.o.u.@.g.m.a.i.l...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.j.a._.J.P...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.I.m.B.a.t.c.h. .k0...O..D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.o0D0..D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.D0D0H0..D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=..0.0.0.0.0..D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=...X0.0..D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.!k.VK0.0.x..W0j0D0..D.e.f.L.a.n.g.N.a.m.e.=.D.e.f.a.u.l.t. .(.E.n.g.l.i.s.h.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.........O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.C.r.o.w.d.i.n...c.o.m. ..0..X0_0..3.n0.f.ek0T0TS.RO0`0U0D0..I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=..0.0.0.0.T..I.m.a.g.e.T.y.p.e.L.a.b.e.l...C.a.p.t.i.o.n.=..0.0.0.0.0.0.0..I.m.a.g.e.P.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Korean.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):130882
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.31899571260427
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:LnQVznSWGhdDVD6q3H65QKjrX+34lzrXQGe/55ea8V+saJkg5NNp+QydlfqcX:CqHaX+34lzrXQGe/55ea8V+saJkg5NNm
                                                                                                                                                                                                                                                                                      MD5:381A5BC7DED3588CCFE1B5D1F8B0B210
                                                                                                                                                                                                                                                                                      SHA1:FA167DC1D76AC87268C4146CD36C98AD675DBC57
                                                                                                                                                                                                                                                                                      SHA-256:970A70A863A4B9AB45CE44E9503BA7EE83A2732A21A2D56EE9928B320C311B0D
                                                                                                                                                                                                                                                                                      SHA-512:DEAEF3F30E248E28B2A5B2DBCC9EDEC4563610E0F20BFC893BD7F1CD652FE58798DD21A71D1B09B2B7B66E7DF218339A7EC34E3316239F865EC63B2ADA8D5704
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=...\...m...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.t.......T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.s.a.d.l.o.v.e.d.l.d.u.@.n.a.v.e.r...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.k.o._.K.R...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.I.m.B.a.t.c.h.\. ......D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.....D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.D..$...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=......D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=..0...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.... .;... .J.....D.e.f.L.a.n.g.N.a.m.e.=.D.e.f.a.u.l.t. .(.E.n.g.l.i.s.h.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=....:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.e.l.p. .u.s. .t.o. .u.p.d.a.t.e. .t.h.e. .t.r.a.n.s.l.a.t.i.o.n. .o.n. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=.t..... .t....I.m.a.g.e.T.y.p.e.L.a.b.e.l...C.a.p.t.i.o.n.=.t..... . .....I.m.a.g.e.P.a.t.h.L.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Polish.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):156456
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6874963943647643
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:vrk8eH9GsweQdhb6CKOMCMNJiThl1HFhRC/LcuSeKvGdlPdpnyTc51Zq/DclVaKn:HmSl1Hs/Qel7yTc51Zq/DclVaKSUzae9
                                                                                                                                                                                                                                                                                      MD5:DEC84DB94AF39C243F643F7B2ACE15BB
                                                                                                                                                                                                                                                                                      SHA1:19E1C9C6F93E985A07DD6F7996C7BF221B32FC44
                                                                                                                                                                                                                                                                                      SHA-256:D65D3AD3205E73D817A1160B8BB9DC62AC793EC8787938D7ABAA5DDBC1DE5CEA
                                                                                                                                                                                                                                                                                      SHA-512:F33FDF04457C4A3EF3FE1D482CC9CBC63A3A4238A8E40510157A241AF7A0CC536BF9038D562F25C07F56A79149554D40CD69EF8BCB80424474FC578A88702A26
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.P.o.l.s.k.i...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.M.a.t.e.u.s.z. .K.u.r.l.i.t. .-. .T.r.a.n.s.G.e.n.t...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.t.r.a.n.s.g.e.n.t.@.o.u.t.l.o.o.k...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.p.l._.P.L...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.W.y...l.i.j. .d.o. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.T.a.k...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.i.e...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.A.n.u.l.u.j...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.Z.a.m.k.n.i.j...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N.i.e. .p.y.t.a.j. .p.o.n.o.w.n.i.e...D.e.f.L.a.n.g.N.a.m.e.=.D.o.m.y...l.n.y. .(.A.n.g.i.e.l.s.k.i.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.J...z.y.k.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.P.o.m...|. .n.a.m. .z.a.k.t.u.a.l.i.z.o.w.a... .t.B.u.m.a.c.z.e.n.i.e. .n.a. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.a.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Portuguese, Brazilian.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):159634
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.592872877749342
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:2KCPvYOGBI28dFqHgcLlXZnRIHSSRj0eq/DVaKS+UaeuT4AfDLdtYXxh4A28c1dl:DGYHVXZnRIHSSRj0eq/DVaKS+UaeuT4s
                                                                                                                                                                                                                                                                                      MD5:70AA678CDB6BA801058375EA573D277F
                                                                                                                                                                                                                                                                                      SHA1:53A4020DD8EDA85D6DC85BC31145C83BB966FD1D
                                                                                                                                                                                                                                                                                      SHA-256:DF04B6B76809D5542D068C8387913C8A107E5060778EB7B6B4C6FB1C41AA0087
                                                                                                                                                                                                                                                                                      SHA-512:CAA49AF9345FADB9387F9BE7C5FE044C82EA327C10ED7F05D8A041AD628E067A3EE92A6E03AB36BE5F916DC173BA965A174DAE1214BD51DDB703876573EB0695
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.B.r.a.z.i.l.i.a.n. .P.o.r.t.u.g.u.e.s.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.S.o.f.t.w.a.r.e. .d.e. .A.l.t.o. .M.o.v.i.m.e.n.t.o...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.p.t._.B.R...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.E.n.v.i.a.r. .p.a.r.a. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.S.i.m...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N...o...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.C.a.n.c.e.l.a.r...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.F.e.c.h.a.r...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N...o. .p.e.r.g.u.n.t.a.r. .d.e. .n.o.v.o...D.e.f.L.a.n.g.N.a.m.e.=.D.e.f.a.u.l.t. .(.E.n.g.l.i.s.h.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.L.i.n.g.u.a.g.e.m.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.A.j.u.d.e.-.n.o.s. .a. .a.t.u.a.l.i.z.a.r. .a. .t.r.a.d.u.....o.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Portuguese.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):161062
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.594252676835424
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:CKzxZv9/73nm8DoHO/GrTBXJmWySRjx5hooZdKKovrhaeuT4Af64ZVt9tUjGVO/Q:19MHhrTBXJnySRjx5hooZdKKozhaeuTD
                                                                                                                                                                                                                                                                                      MD5:D7E0298893931503A3B5439703F25E7B
                                                                                                                                                                                                                                                                                      SHA1:0094EBB0E1065F83F804BEE267241BD62235A417
                                                                                                                                                                                                                                                                                      SHA-256:C8F8A416C723F8146D137AC190AA952B4DE6043DB0A40CA0AA286FB235312E1C
                                                                                                                                                                                                                                                                                      SHA-512:CC06D2204AB9ABC81A7933C5C3FCD59D764FE13039557BFBADF68BDC56840848ECB1256C5F4E0AAB9564DE9FD9EB35D5E57F995B05E7E670173ECBC19527561B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.P.o.r.t.u.g.u.e.s.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.p.t._.P.T...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.E.n.v.i.a.r. .p.a.r.a. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.S.i.m...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N...o...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.C.a.n.c.e.l.a.r...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.F.e.c.h.a.r...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N...o. .p.e.r.g.u.n.t.a.r. .n.o.v.a.m.e.n.t.e...D.e.f.L.a.n.g.N.a.m.e.=.P.a.d.r...o. .(.I.n.g.l...s.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.I.d.i.o.m.a.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.A.j.u.d.e.-.n.o.s. .a. .a.t.u.a.l.i.z.a.r. .a. .t.r.a.d.u.....o. .e.m. .C.r.o.w.d.i.n...c.o.m...I.m.a.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Russian.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):161684
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.359238901235878
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:LVCtDs3BY0KMLcjZCeq7ACkZu96Umf78j9bt/hB+ZhHMb1iav3vLmN2fZqHv:EwcQACkZk6Umf78j9bt/hB+vHMb1iavg
                                                                                                                                                                                                                                                                                      MD5:70EA80B0E993A1CF176EF9DC8E53E57B
                                                                                                                                                                                                                                                                                      SHA1:8954CA6B75D7BFDACB03B589C12F0E5B0784D208
                                                                                                                                                                                                                                                                                      SHA-256:2E067EC6EED8714531D5401A8437CEED210FD4FA16274CCFC9E27ED21AA29E68
                                                                                                                                                                                                                                                                                      SHA-512:5167DC356EA6BD676D8AB33FADE0C7614F4F2819DA718CF4BEFAAF4380EFCC7D8D7ED35F9D7EAB6F3744A5B76BB4A893FABF2F9BCB0E3A9CF708CA2B18D17522
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=. .C.A.A.:.8.9. .(.R.u.s.s.i.a.n.)...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.r.u._.R.U...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=...B.?.@.0.2.8.B.L. .2. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=...0...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=...5.B...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=...B.<.5.=.0...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=...0.:.@.K.B.L...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=...>.;.L.H.5. .=.5. .A.?.@.0.H.8.2.0.B.L...D.e.f.L.a.n.g.N.a.m.e.=...>. .C.<.>.;.G.0.=.8.N. .(...=.3.;.8.9.A.:.8.9.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=./.7.K.:.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=...>.<.>.3.8.B.5. .=.0.<. .>.1.=.>.2.8.B.L. .?.5.@.5.2.>.4. .=.0. .C.r.o.w.d.i.n...

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Spanish.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):155752
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5895441543792983
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:1TmtvbkYZj3xYLLPHKzyK0SbLrrlt//clVaKSJDtNtNNppA/Rl0qeyM:VDHmyK0SbLrrlt//clVaKSJDtNtNNpu2
                                                                                                                                                                                                                                                                                      MD5:679D0A5423446FF231BF24C91D949347
                                                                                                                                                                                                                                                                                      SHA1:4879E16C64D2DED26A2340D8231EA12E3F351D68
                                                                                                                                                                                                                                                                                      SHA-256:EFBEA5F008D03CB64981775C8ACB4A59EAF86DB69F18394926B4D55436C2D16F
                                                                                                                                                                                                                                                                                      SHA-512:71D6F50D5754B50073428F8A7873AE62503FF894BB9E2B0EFC6B1B10D46C0547E9AA00CED40D894E56DAFB926A1F7713A652AA8FB134F63D5235BA535BEC17CB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.E.s.p.a...o.l...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.T.r.a.n.s.l.a.t.o.r.M.x...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.t.r.a.n.s.l.a.t.o.r.m.x.@.l.i.v.e...c.o.m...m.x...H.e.l.p.F.i.l.e.=.H.e.l.p.-.e.s._.E.S...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.E.n.v.i.a.r. .a. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.S.i...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.o...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.C.a.n.c.e.l.a.r...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.C.e.r.r.a.r...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N.o. .v.o.l.v.e.r. .a. .p.r.e.g.u.n.t.a.r...D.e.f.L.a.n.g.N.a.m.e.=.D.e.f.a.u.l.t. .(.I.n.g.l...s.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.I.d.i.o.m.a.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.A.y...d.a.n.o.s. .a. .a.c.t.u.a.l.i.z.a.r. .l.a. .t.r.a.d.u.c.c.i...n. .e.n. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Swedish.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):151774
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6171405490650526
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:cUGNeTxdHc6/2ajSNYUH9LXxOVntE21X+/uclVaKSqPaevINNppuq2K/Rl0qowL:tMDHxXxONtE21X+/uclVaKSqPaevINN9
                                                                                                                                                                                                                                                                                      MD5:B5A3867180F7FD0529E00F32273DA6BD
                                                                                                                                                                                                                                                                                      SHA1:34EED3E5E4D7AFD84E96C34F72572B743C8BD6E5
                                                                                                                                                                                                                                                                                      SHA-256:7C27A1902A297BBC338A2E91757771022FAAA7274A821DF7CFCFF196FF14E329
                                                                                                                                                                                                                                                                                      SHA-512:CB1F48EF662203B1D3FFCDD18283CE534A86D9E0A9E9F17B246F7959A02525B3A092A7F6CCE99E634B0085D2133733438E380508AE8579D9287BE56A93A13AC8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.S.w.e.d.i.s.h...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=...k.e. .E.n.g.e.l.b.r.e.k.t.s.o.n...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.e.s.o.n.5.7.@.g.m.a.i.l...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.s.v._.S.E...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.S.k.i.c.k.a. .t.i.l.l. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.J.a...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.e.j...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.A.v.b.r.y.t...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.C.l.o.s.e...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.D.o.n.'.t. .a.s.k. .m.e. .a.g.a.i.n...D.e.f.L.a.n.g.N.a.m.e.=.S.t.a.n.d.a.r.d. .(.E.n.g.e.l.s.k.a.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.S.p.r...k.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.e.l.p. .u.s. .t.o. .u.p.d.a.t.e. .t.h.e. .t.r.a.n.s.l.a.t.i.o.n. .o.n. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=.B.i.l.d.n.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\Ukrainian.lng (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):160062
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.362351974847042
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:KRt+6MSDtH+rxYD7UW+K6Dldhh5EW35Eq1ILphq5V7I4tAKiq7fPqKSFsAq9d:S6M7T6DlV5EW35Eq1ILphq5xI4tAKiqF
                                                                                                                                                                                                                                                                                      MD5:61F246DBD8BE0EBBC91CF76F06305EDA
                                                                                                                                                                                                                                                                                      SHA1:C48AA2EC373560EAA220B141E63966C5F199A661
                                                                                                                                                                                                                                                                                      SHA-256:9E145DDFE21DF29DD6031578A5DB9A86A0073025EECA969DF4A0EEBC83C3DC11
                                                                                                                                                                                                                                                                                      SHA-512:E99CF6071F46260190E6165E115FEBE4F1A097B2E66E5122E292B95B49BD897DEC645FB655726F66EF9DD3381E5E1EAA4BB3F233923AC7C3D213B6EE19CCE0E6
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.#.:.@.0.W.=.A.L.:.0. .(.U.k.r.a.i.n.i.a.n.)...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.u.k._.U.A...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=...V.4.?.@.0.2.8.B.8. .2. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.".0.:...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=...V...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=...V.4.<.V.=.8.B.8...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=...0.:.@.8.B.8...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=...V.;.L.H.5. .=.5. .?.8.B.0.B.8...D.e.f.L.a.n.g.N.a.m.e.=...>. .7.0.<.>.2.G.C.2.0.=.=.N. .(...=.3.;.V.9.A.L.:.0.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=...>.2.0.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=...>.?.>.<.>.6.V.B.L. .=.0.<. .>.=.>.2.8.B.8. .?.5.@.5.:.;.0.4. .=.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-10LAA.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):117764
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.405211564961335
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:+0ozGDYyIsIKXaT+HSrH4KfuN1j9jhYFSLb5/l9AnQ7/t8N8g5Exirqg+:OCHST4KfuN1j9jhYFSLb5/l9AnQ7/t80
                                                                                                                                                                                                                                                                                      MD5:C02AE012C6928D9413DB550FEABB8448
                                                                                                                                                                                                                                                                                      SHA1:087FC4EB112ADAE5CE7EDD20EB6CC7FD514C0977
                                                                                                                                                                                                                                                                                      SHA-256:2C38867132AABDC01A44DD41A230AC4886F1E4DED89873F6C6003BCC0B5612F2
                                                                                                                                                                                                                                                                                      SHA-512:AB876CAEE098D2938335108974FAEC1F3E98B3B3F4B94BA0CD335C255F6961EED443DB63FF8688389CBEAE94A08D04687F4A29AFE4AF2B138CA5B60E51707794
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=..{SO-N.e..T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.Y.a.n.J.u.n. .S.u.n. .&. .'Y<w.N~..e..A.n.a.n.....T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.w.c.x.u.2.1.@.1.2.6...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.z.h._.C.N...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=..S..0R .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=./f..D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.&T..D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.nx.[..D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=..S.m..D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.sQ...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=..N.Q....D.e.f.L.a.n.g.N.a.m.e.=......E.n.g.l.i.s.h.....L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=......L.a.n.g.u.a.g.e.......O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=..^.R.b.N.f.e .C.r.o.w.d.i.n...c.o.m. ..N.v.....I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=..V.P.T.y..I.m.a.g.e.T.y.p.e.L.a.b.e.l...C.a.p.t.i.o.n.=..V.P{|.W..I.m.a.g.e.P.a.t.h.L.a.b.e.l...C.a.p.t.i.o.n.=..n.e.N9Y..

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-1LA5H.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):130882
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.31899571260427
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:LnQVznSWGhdDVD6q3H65QKjrX+34lzrXQGe/55ea8V+saJkg5NNp+QydlfqcX:CqHaX+34lzrXQGe/55ea8V+saJkg5NNm
                                                                                                                                                                                                                                                                                      MD5:381A5BC7DED3588CCFE1B5D1F8B0B210
                                                                                                                                                                                                                                                                                      SHA1:FA167DC1D76AC87268C4146CD36C98AD675DBC57
                                                                                                                                                                                                                                                                                      SHA-256:970A70A863A4B9AB45CE44E9503BA7EE83A2732A21A2D56EE9928B320C311B0D
                                                                                                                                                                                                                                                                                      SHA-512:DEAEF3F30E248E28B2A5B2DBCC9EDEC4563610E0F20BFC893BD7F1CD652FE58798DD21A71D1B09B2B7B66E7DF218339A7EC34E3316239F865EC63B2ADA8D5704
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=...\...m...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.t.......T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.s.a.d.l.o.v.e.d.l.d.u.@.n.a.v.e.r...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.k.o._.K.R...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.I.m.B.a.t.c.h.\. ......D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.....D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.D..$...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=......D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=..0...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.... .;... .J.....D.e.f.L.a.n.g.N.a.m.e.=.D.e.f.a.u.l.t. .(.E.n.g.l.i.s.h.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=....:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.e.l.p. .u.s. .t.o. .u.p.d.a.t.e. .t.h.e. .t.r.a.n.s.l.a.t.i.o.n. .o.n. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=.t..... .t....I.m.a.g.e.T.y.p.e.L.a.b.e.l...C.a.p.t.i.o.n.=.t..... . .....I.m.a.g.e.P.a.t.h.L.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-1NJ4I.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):152784
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.666595801412355
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:Ai/ImojtjOjvTguu88KIUHzhwAHYG8zUXbaNLV5tMCTIN/zclVaKSIoaeqSNNpep:hTHWUXbaX5tMCTIN/zclVaKSIoaeqSNS
                                                                                                                                                                                                                                                                                      MD5:6C489702B2C5D8630BFA1B6D4476737D
                                                                                                                                                                                                                                                                                      SHA1:F6FD853665A385EB7314B4FF608718FC17BFA4C8
                                                                                                                                                                                                                                                                                      SHA-256:3F50F7E76A17816AA4CA9F01D2AA397BAAD8AAE22EEE076D5ED622DBB71053C4
                                                                                                                                                                                                                                                                                      SHA-512:59F3B0177AF5A435294506F91CA03AD269E1D076EDAEE9DC8CEB759A0B4870FB49F749FCC9090C4B35E55F25B8DB91DA4B26DF4B74100167F73154616C10D916
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.M.a.g.y.a.r...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.h.u._.H.U...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.K...l.d...s. .a.z. .I.m.B.a.t.c.h. .-.h.o.z...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.I.g.e.n...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.e.m...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.R.e.n.d.b.e.n...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.M...g.s.e.m...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.B.e.z...r...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N.e. .k...r.d.e.z.d. .m...g.e.g.y.s.z.e.r...D.e.f.L.a.n.g.N.a.m.e.=.A.l.a.p. .(.a.n.g.o.l.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.N.y.e.l.v.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.S.e.g...t.s. .n.e.k...n.k. .a. .C.r.o.w.d.i.n...c.o.m. .-.o.n. .a. .f.o.r.d...t...s.b.a.n...I.m.a.g.e.N.a.m.e.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-1SDML.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-3CGJC.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):146012
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.166168165529595
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:ypuFf3vlQwRIzyLVRHj1KJdG+uHH7/VyxTN+TvNV/af8JbRY73bAT4NNp2BdYHBu:yY6uTHGG+uHH7NylN+TvNV/af8JbRY7I
                                                                                                                                                                                                                                                                                      MD5:0F92A47746B73D7058A4BB209C147DD5
                                                                                                                                                                                                                                                                                      SHA1:57E5A7C24C6A3B72A00E1360C11A801B4E231DCE
                                                                                                                                                                                                                                                                                      SHA-256:8C1E6FF69775160BF9232438425A24A7DD0B6C6247371DC22EE9F4C37CF4C3FC
                                                                                                                                                                                                                                                                                      SHA-512:FA85426CF1D35E9A20DC48E1724AE61C0912460035FBE0256647DD3196414E773D1B06E47C75D8D204A0C221F93778E9DC4B15E972D9B59DADA66BAB1E981661
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.A.r.a.b.i.c...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.M.F.M. .D.a.w.d.e.h...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.l.a.l.a.l.o.g.i.t.e.c.h.@.h.o.t.m.a.i.l...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.a.r._.S.A...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.I.m.B.a.t.c.h. .'.1.3.D. .'.D.I...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.F.9.E...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.D.'...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.E.H.'.A.B...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.'.D.:.'.!. .'.D.'.E.1...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.'.:.D.'.B...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.D.'. .*.3.'.D.F.J. .+.'.F.J.)...D.e.f.L.a.n.g.N.a.m.e.=.(.'.A.*.1.'.6.J. .(.'.D.'.F.,.D.J.2.J.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.'.D.D.:.).:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.e.l.p. .u.s. .t.o. .u.p.d.a.t.e. .t.h.e. .t.r.a.n.s.l.a.t.i.o.n. .o.n. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=.'.3.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-6OJUG.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-86UG0.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-8TL17.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-A29PC.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1434), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):163412
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.456795145877069
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:Sr/3b8CN7jQJHo1WDDPwZh62hI5fjYZLqF:Sr/L8CN7jKHo1WDDPwZh6OI5fjGLW
                                                                                                                                                                                                                                                                                      MD5:21DCA296AD98619FD99BEE42A06468CB
                                                                                                                                                                                                                                                                                      SHA1:5F3B732E1936E9B308E27E092F163DBF738B9617
                                                                                                                                                                                                                                                                                      SHA-256:158C22B401E7F6D9042027FBF2F274C6409527A7259B9E428B75E9087909D88A
                                                                                                                                                                                                                                                                                      SHA-512:878DB0B2BB0F8206CC625D4664A8E219FCEDE537A46F3284FA5874D2E09C0622446C1C3CAD358DB887664A706DA1DBC865E407BD7DDB4C507F4829E3B6CFF808
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.L...g.g.e.r. .t.i.l.l. .e.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.i.l.l. .b.i.l.d.e.n.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.A.n.g.e.r. .b.r.e.d.d.e.n. .p... .b.i.l.d.r.u.t.a.n.,. .e.x.k.l.u.s.i.v.e. .s.p.e.g.e.l.b.i.l.d... .D.e.n. .f...r.d.i.g.a. .b.i.l.d.e.n. .a.n.p.a.s.s.a.s. .t.i.l.l. .d.e.n.n.a. .b.r.e.d.d. .(.u.t.a.n. .a.t.t. .s.t.r...c.k.a.s. .u.t.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.A.n.g.e.r. .h...j.d.e.n. .p... .b.i.l.d.r.u.t.a.n.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .e.x.k.l.u.s.i.v.e. .s.p.e.g.e.l.b.i.l.d... .D.e.n. .f...r.d.i.g.a. .b.i.l.d.e.n. .a.n.p.a.s.s.a.s. .t.i.l.l. .d.e.n.n.a. .h...j.d. .(.u.t.a.n. .a.t.t. .s.t.r...c.k.a.s. .u.t.).....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.A.n.g.e.r. .s.t.o.r.l.e.k.e.n. .p... .e.x.t.r.a. .m.a.r.g.i.n.a.l.u.t.r.y.m.m.e. .i. ...v.e.r.k.a.n.t. .p... .b.i.l.d.e.n.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.A.n.g.e.r.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-BERO4.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-D71JQ.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):170006
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.426215135068183
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:/UE7MjTtrEMBcbp84d06U4KpnAgEVDIkEIj/LPU9Hi8KgxUQk+TbACbfXfT+R92v:nQpnAGEQk+hb+RfzqrTqu
                                                                                                                                                                                                                                                                                      MD5:52EDAFEF060C7A0632E68548350D3519
                                                                                                                                                                                                                                                                                      SHA1:0993D3D97F1AC4E226B0DE88D41C775B228D4E9B
                                                                                                                                                                                                                                                                                      SHA-256:EE01F21D8A2809C3D56DFDE95B37131959271BF3926F98B415E62656DFFEA657
                                                                                                                                                                                                                                                                                      SHA-512:ED7AB0F81F315766357E94ED6ACDF82D3FEBA2A6AFF79993DB637A6A4F06F33DF71A5CC37C3B1E0D401E5809F2A9D8D080B3F3D4170F06E4FCEA8A787BDE57DA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.].....T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.......T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).......T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.......T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.......T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-DQFN4.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):152060
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.7178239011866587
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:c39uheZzrwtO0m6kZmOUHl9Xp0EbLrrlt//clVaKSJDtNtNNppA/Rl0q+yM:s8lHPXp0EbLrrlt//clVaKSJDtNtNNpp
                                                                                                                                                                                                                                                                                      MD5:256AE2752886922E9FA1E44361B48F45
                                                                                                                                                                                                                                                                                      SHA1:1CCE116EB23D4BF65589441F887A4AF2B10925A8
                                                                                                                                                                                                                                                                                      SHA-256:F8356B94782133850C86DA33B79B824286356D00288B5410750A05CA8ACBE147
                                                                                                                                                                                                                                                                                      SHA-512:155D842ECB693D459107A03E26B32EB59257AE4D33942FED8435ED0FD939F42E6F007198DDF15A11CCA1B3770FEF028F34FEC67BA211D02C8694B90CB26E2E4B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=................. .(.G.r.e.e.k.)...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.e.l._.G.R...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=................. ....... .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.........D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.........D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.................D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.............D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=...................D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=..... ....... ............... ...........D.e.f.L.a.n.g.N.a.m.e.=..................... .(...............)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.............:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=................. ....... ..... ......................... ..... ...............

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-EBNQN.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):161968
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5999091804710917
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:PlSaijiHMhVVXS2YHUbfGZ69Y3m3c3+ho2JBz4XKmfEl5Hd6ly1m7oVQVWXSMLtp:ZZHmmfEjd6ly1m7oVQVWXSMLt3hcMkxA
                                                                                                                                                                                                                                                                                      MD5:C7E6CCC1612366A036D59CDF34C10E7F
                                                                                                                                                                                                                                                                                      SHA1:8020971717B076D0FF3811CDE5944AB975DB8453
                                                                                                                                                                                                                                                                                      SHA-256:2857F5304A5FE414FED8DE1DC50048F509B53191D9078A3B816493009F76120F
                                                                                                                                                                                                                                                                                      SHA-512:9F687B7F2AB5A7A3B2017F81AAF1C7F923D97064AD9A9573C86C0E36CC61671754A0DE487CBD015F247271B28BC181389278BE7F78C940DD8D427D975EDEE189
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.F.r.e.n.c.h...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.f.r._.F.R...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.E.n.v.o.y.e.r. ... .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.O.u.i...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.o.n...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.A.n.n.u.l.e.r...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.F.e.r.m.e.r...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N.e. .m.e. .d.e.m.a.n.d.e.z. .p.a.s. .d.e. .n.o.u.v.e.a.u...D.e.f.L.a.n.g.N.a.m.e.=.F.r.a.n...a.i.s...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.L.a.n.g.u.e.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.C.o.n.t.r.i.b.u.e.z. ... .a.m...l.i.o.r.e.r. .l.a. .t.r.a.d.u.c.t.i.o.n. .d.e. .c.e. .l.o.g.i.c.i.e.l. .s.u.r. .C.r.o.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-FRNUI.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):126652
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.510487197363285
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:sYcFYtKz2ctsxbHv0cX9lFxzTSTJJPr8VWXCDpx6uAiYo68H2Z2rqwzf9:S+hHvrX9ljzTSTJJPr8VWXCDpx6uAiYu
                                                                                                                                                                                                                                                                                      MD5:DBF9CD4738BC1BEF4E7151634A4F937B
                                                                                                                                                                                                                                                                                      SHA1:0CBBCDFBDFE689D224E897E5CDA7FDDBAC728396
                                                                                                                                                                                                                                                                                      SHA-256:FD54F6B816E26ACA9BD6CD6614B38469238EC05828A66E1684081E21078E826B
                                                                                                                                                                                                                                                                                      SHA-512:DBCE02E6D134CC15C10E642488883172D2328623B1204DBE7C53B098CF522D2C72FB44B1347DBC962FB7E0164D26510A59E1A6228E8650B28934D8FAA2373C74
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=..e,g.. .(.J.a.p.a.n.e.s.e.)...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.D.o.n.k.i.c.h.i.r.o.u...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.d.o.n.k.i.c.h.i.r.o.u.@.g.m.a.i.l...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.j.a._.J.P...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.I.m.B.a.t.c.h. .k0...O..D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.o0D0..D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.D0D0H0..D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=..0.0.0.0.0..D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=...X0.0..D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.!k.VK0.0.x..W0j0D0..D.e.f.L.a.n.g.N.a.m.e.=.D.e.f.a.u.l.t. .(.E.n.g.l.i.s.h.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.........O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.C.r.o.w.d.i.n...c.o.m. ..0..X0_0..3.n0.f.ek0T0TS.RO0`0U0D0..I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=..0.0.0.0.T..I.m.a.g.e.T.y.p.e.L.a.b.e.l...C.a.p.t.i.o.n.=..0.0.0.0.0.0.0..I.m.a.g.e.P.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-G4B3I.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):156456
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6874963943647643
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:vrk8eH9GsweQdhb6CKOMCMNJiThl1HFhRC/LcuSeKvGdlPdpnyTc51Zq/DclVaKn:HmSl1Hs/Qel7yTc51Zq/DclVaKSUzae9
                                                                                                                                                                                                                                                                                      MD5:DEC84DB94AF39C243F643F7B2ACE15BB
                                                                                                                                                                                                                                                                                      SHA1:19E1C9C6F93E985A07DD6F7996C7BF221B32FC44
                                                                                                                                                                                                                                                                                      SHA-256:D65D3AD3205E73D817A1160B8BB9DC62AC793EC8787938D7ABAA5DDBC1DE5CEA
                                                                                                                                                                                                                                                                                      SHA-512:F33FDF04457C4A3EF3FE1D482CC9CBC63A3A4238A8E40510157A241AF7A0CC536BF9038D562F25C07F56A79149554D40CD69EF8BCB80424474FC578A88702A26
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.P.o.l.s.k.i...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.M.a.t.e.u.s.z. .K.u.r.l.i.t. .-. .T.r.a.n.s.G.e.n.t...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.t.r.a.n.s.g.e.n.t.@.o.u.t.l.o.o.k...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.p.l._.P.L...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.W.y...l.i.j. .d.o. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.T.a.k...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.i.e...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.A.n.u.l.u.j...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.Z.a.m.k.n.i.j...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N.i.e. .p.y.t.a.j. .p.o.n.o.w.n.i.e...D.e.f.L.a.n.g.N.a.m.e.=.D.o.m.y...l.n.y. .(.A.n.g.i.e.l.s.k.i.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.J...z.y.k.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.P.o.m...|. .n.a.m. .z.a.k.t.u.a.l.i.z.o.w.a... .t.B.u.m.a.c.z.e.n.i.e. .n.a. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.a.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-GQOH0.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (951), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):125384
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.641253615931881
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:RimMNNRLzg4C400jQrIi3AqsFC0S+zr1paHMRI+9wxrmV15/LSGQczcHlNJo9/dP:85LwqqsFu+zI8EmkqF
                                                                                                                                                                                                                                                                                      MD5:A8B7CB63C1F3D25FB071A63F17647035
                                                                                                                                                                                                                                                                                      SHA1:DE229B7C4766970F7D9A49463C0C3C7065366D0A
                                                                                                                                                                                                                                                                                      SHA-256:4579C648D226ECB4D0BB40B7CEC80E07B8E9AAD2A9CA3387992E5FF0EFC5C98A
                                                                                                                                                                                                                                                                                      SHA-512:B9DEC1F35B4AD1F4B5D1CE6C369F836C3FF3792A16E65C1B84981E2ABA094DF76847AF29AB766A5E4B19D2352360CBB07DFB8D58D09B4B0CCC769A6500F06EC4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.t....... .X...|. .....i.......T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.... .t....... .D.. ...\. .......X. ...D.|. ...X.i..... ..... .t....... ...D... ..D. ....... .(....... .J.L.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.... .t.....|. ...x.\. ...\. .......X. ...t.|. ...X.i..... ..... .t....... ...t... ..D. ...........T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.t..... ..... .... .....X. .l.0.|. ...X.i.......T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.t..... .D..X. ..... ..... .l.0.|. ...X.i.......T.a.s.k.3.D.I.m.a.g.e.L.e.f.t.M.a.r.g.i.n.H.e.l.p.=.t.....X. .|.... ....X. .....D. ...X.i.......T.a.s.k.3.D.I.m.a.g.e.R.i.g.h.t.M.a.r.g.i.n.H.e.l.p.=.t.....X. .$.x..... ....X. .....D. ...X.i.......T.a.s.k.3.D.I.m.a.g.e.A.n.g.l.e.H.e.l.p.=......D. .0...<.\. .3.D. ......... .t.....|. ........0...\. ....|. ...X.i.......T.a.s.k.3.D.I.m.a.g.e.D.e.p.t.h.H.e.l.p.=.<... ....|. ...X.i.......T.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-JDKJP.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1957), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):182352
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.38575047811943
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:23xzM3O0UFs6XyjoOZoudZQ0OiZBtAwsQdrSrhi5gTK8hgMEfIjmE0Watc4LoGxl:23xsVfoJ9i5DhiMAxgx0ZJGTDmyDuXPg
                                                                                                                                                                                                                                                                                      MD5:FB0296B08215747D3569505111047E5D
                                                                                                                                                                                                                                                                                      SHA1:19BE38FBBC0B0EE2B1D150AEDF8C16633544022A
                                                                                                                                                                                                                                                                                      SHA-256:DB08DD6C1063A37EB58D2415EF07FF4E911FF0CA84B4A0DD81F2F1A891F08746
                                                                                                                                                                                                                                                                                      SHA-512:8153DC3041DD50C5E919B405AC66E597F893A58BEBA86A6AED9811FF02F2637114439957448DEE183EE9F45B3FA564C05C8E910C746FF4385F99104CE355E251
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.g.g.i.u.n.g.i. .u.n.a. .n.u.o.v.a. .d.i.m.e.n.s.i.o.n.e. .a.l.l.'.i.m.m.a.g.i.n.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.i.s.c.e. .l.a. .l.a.r.g.h.e.z.z.a. .d.e.l. .f.r.a.m.e.,. .n.o.n. .i.n.c.l.u.d.e. .i.m.m.a.g.i.n.e. .s.p.e.c.c.h.i.o... .L.'.i.m.m.a.g.i.n.e. .s.i. .a.d.a.t.t.e.r... .a.l.l.a. .l.a.r.g.h.e.z.z.a. .(.s.e.n.z.a. .d.e.f.o.r.m.a.r.e.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.i.s.c.e. .l.'.a.l.t.e.z.z.a. .d.e.l. .f.r.a.m.e.,. .n.o.n. .i.n.c.l.u.d.e. .i.m.m.a.g.i.n.e. .s.p.e.c.c.h.i.o... .L.'.i.m.m.a.g.i.n.e. .s.i. .a.d.a.t.t.e.r... .a.l.l.'.a.l.t.e.z.z.a. .(.s.e.n.z.a. .d.e.f.o.r.m.a.r.e.).....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.i.s.c.e. .l.a. .d.i.m.e.n.s.i.o.n.e. .e.x.t.r.a. .d.e.l.l.o. .s.p.a.z.i.o. .s.o.p.r.a. .l.'.i.m.m.a.g.i.n.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.i.s.c.e. .l.a. .d.i.m.e.n.s.i.o.n.e. .e.x.t.r.a. .d.e.l.l.o. .s.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-JO7CT.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):155088
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5982085063417686
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:i1y2Z+KnFiNzQZngtCmlSH/vYnE+pzw8COZFiF4rS5V/OsEjsbguRaexaNNpZ9pW:5gHonHzGOZ4F4rS5V/OsEjsbguRaexay
                                                                                                                                                                                                                                                                                      MD5:30AB148B18F0C51A789540A18AD025B4
                                                                                                                                                                                                                                                                                      SHA1:B3D7DFB61B0E7D045E885542FDD8BADFE1DF1166
                                                                                                                                                                                                                                                                                      SHA-256:B83D8BB2D170FBFDF626C7E3B01898E71F2B7017AB77BEE8E1153735250AF6A7
                                                                                                                                                                                                                                                                                      SHA-512:B4F64A4A3BDE246FB59F55350DF41276EC31B943DA37FB67069D464D96B5604FD9E98095D914ADEBBB60942D99C5AF4F9B14AC2D53B2337F3D2CCC226EFF09CA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.F.i.n.n.i.s.h...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.V.e.i.k.k.o.M...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.f.i._.F.I...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.L...h.e.t... .I.m.B.a.t.c.h.i.i.n...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.K.y.l.l.....D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.E.i...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.P.e.r.u.u.t.a...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.S.u.l.j.e...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=...l... .k.y.s.y. .e.n.......D.e.f.L.a.n.g.N.a.m.e.=.O.l.e.t.u.s. .(.E.n.g.l.i.s.h.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.K.i.e.l.i.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.e.l.p. .u.s. .t.o. .u.p.d.a.t.e. .t.h.e. .t.r.a.n.s.l.a.t.i.o.n. .o.n. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=.K.u.v.a.n. .n.i.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-JQ1H3.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):160502
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6116266617393156
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:DEXEmSChQyRLVjPTtjUO4QAPCsym5U7uC2+0L+VGH+OLwKPg8ewWK16nytcbdGQO:CsHc8XWxdGQWI8JOcHKpe3GZtSZNNpYq
                                                                                                                                                                                                                                                                                      MD5:F06119A616EEBF5086C91E891A84B367
                                                                                                                                                                                                                                                                                      SHA1:346A7A503305932F020C45A9F1B51CDD2BBD8C21
                                                                                                                                                                                                                                                                                      SHA-256:A9B7E37B4E1A6A0ABEDC0B3EB07D9540723BF5F370B56A333DC6E23EBEBD9D6A
                                                                                                                                                                                                                                                                                      SHA-512:E41816F94B61654739CB31B369E24541B54EB311C8A391952E8E6F7F5DAFF282CB7F8A0DB070A295C92E230801924CAF3EF3538C904D077D7262B651C664A276
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.G.e.r.m.a.n. .(.D.e.u.t.s.c.h.)...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.(.e.h.e.m... .B.e.a.t. .P... .T.r.u.f.f.e.r.).,. .(.A.n.o.n.y.m.o.u.s. .(.u.p.d.a.t.e.d. .M.a.r.c.h. .2.0.2.1.).)...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.(.b.e.a.t...t.r.u.f.f.e.r.@.g.m.x...c.h.).,. .(.-.-.-.)...H.e.l.p.F.i.l.e.=.H.e.l.p.-.d.e._.D.E...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.A.n. .I.m.B.a.t.c.h. .s.e.n.d.e.n...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.J.a...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.e.i.n...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.A.b.b.r.e.c.h.e.n...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.S.c.h.l.i.e...e.n...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.M.i.c.h. .n.i.c.h.t. .w.i.e.d.e.r. .f.r.a.g.e.n...D.e.f.L.a.n.g.N.a.m.e.=.D.e.u.t.s.c.h...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.S.p.r.a.c.h.e. .(.L.a.n.g.u.a.g.e.).:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.i.l.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-K5AH1.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1641), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):173862
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.162050770191868
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:buQbqLb7wY/6inhiJMKWObw6NsquWenDpht7wafuyHeHTrfrRRr0z:bTbqLb7wY/6hcWenDpht7waCHTrrRCz
                                                                                                                                                                                                                                                                                      MD5:1760B5B0980F938BEA581761FAB45BFA
                                                                                                                                                                                                                                                                                      SHA1:2771D39C6160FD069203694E545F520ACA69016B
                                                                                                                                                                                                                                                                                      SHA-256:F4D2EA6BED93E2183945E60749CE4F19C7EC145C766931F9406049935853C2BE
                                                                                                                                                                                                                                                                                      SHA-512:5DCDB671852C3E6AB55C917880B1B507D700CBDDD5E567E583BDEC2866C12F1DCF5EBAEE5B53804CBCBC17445A9CD1AF20B9BEF65198BCB29C8CFAE370575526
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=...>.4.0.T. .?.5.@.A.?.5.:.B.8.2.C. .7.>.1.@.0.6.5.=.=.V.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=...0.4.0.T. .H.8.@.8.=.C. .>.1.<.5.6.C.2.0.;.L.=.>.W. .@.0.<.:.8.,. .=.5. .2.:.;.N.G.0.N.G.8. .4.7.5.@.:.0.;.L.=.5. .2.V.4.>.1.@.0.6.5.=.=.O... .<.b.r.>...>.1.@.0.6.5.=.=.O.,. .>.B.@.8.<.0.=.5. .2. .@.5.7.C.;.L.B.0.B.V.,. .1.C.4.5. .0.4.0.?.B.>.2.0.=.>. .(.0.;.5. .=.5. .@.>.7.B.O.3.=.C.B.>.). .<.b.r.>.4.>. .4.0.=.>.W. .H.8.@.8.=.8.....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=...0.4.0.T. .2.8.A.>.B.C. .>.1.<.5.6.C.2.0.;.L.=.>.W. .@.0.<.:.8.,. .=.5. .2.:.;.N.G.0.N.G.8. .4.7.5.@.:.0.;.L.=.5. .2.V.4.>.1.@.0.6.5.=.=.O... .<.b.r.>...>.1.@.0.6.5.=.=.O.,. .>.B.@.8.<.0.=.5. .2. .@.5.7.C.;.L.B.0.B.V.,. .1.C.4.5. .0.4.0.?.B.>.2.0.=.>. .(.0.;.5. .=.5. .@.>.7.B.O.3.=.C.B.>.). .<.b.r.>.4.>. .4.0.=.>.W. .2.8.A.>.B.8.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=...0.4.0.T. .@.>.7.<.V.@. .4.>.4.0.B.:.>.2.>.3.>. .?.@.>.A.B.>.@.C. .7.2.5.@.E.C. .7.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-L54GG.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1817), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):173222
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.439930700902469
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:Z2r2jeGtPnEelamZsQCG3TTch9XN1t1kUTql2ryIHIT3N2rGpX/lLqF:krSvsQCGghHIT1LW
                                                                                                                                                                                                                                                                                      MD5:917F8742771EEF04BE52A7933228F459
                                                                                                                                                                                                                                                                                      SHA1:A1C503819872B9FBF8C98F57D05681E18293A859
                                                                                                                                                                                                                                                                                      SHA-256:C393934680217A35B98A3B5225821D7FEC0C3B30FF743C3F9C25595D4312B400
                                                                                                                                                                                                                                                                                      SHA-512:82F4682C0B8DB364BA8EFBDF2D5D3715855BE54029584D7ABEBFF117D6DDB43BA5797CC67D2D1D4CDC8A2D32D02A1E6E1448329D428FCC5C50BF94F1EEDB63E0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.c.r.e.s.c.e.n.t.a. .u.m.a. .n.o.v.a. .d.i.m.e.n.s...o. ... .i.m.a.g.e.m.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e. .a. .l.a.r.g.u.r.a. .d.o. .q.u.a.d.r.o. .l.i.m.i.t.a.n.t.e.,. .s.e.m. .c.o.n.s.i.d.e.r.a.r. .a. .i.m.a.g.e.m. .e.s.p.e.l.h.a.d.a. .A. .i.m.a.g.e.m. .r.e.s.u.l.t.a.n.t.e. .o.c.u.p.a.r... .t.o.d.a. .l.a.r.g.u.r.a. .(.s.e.m. .e.s.t.i.c.a.r.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e. .a. .a.l.t.u.r.a. .d.o. .q.u.a.d.r.o. .l.i.m.i.t.a.n.t.e.,. .s.e.m. .c.o.n.s.i.d.e.r.a.r. .a. .i.m.a.g.e.m. .e.s.p.e.l.h.a.d.a... .A. .i.m.a.g.e.m. .r.e.s.u.l.t.a.n.t.e. .o.c.u.p.a.r... .t.o.d.a. .a.l.t.u.r.a. .(.s.e.m. .e.s.t.i.c.a.r.).....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e. .o. .t.a.m.a.n.h.o. .d.o. .e.s.p.a...o. .e.x.t.r.a. .a.c.i.m.a. .d.a. .i.m.a.g.e.m.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e. .o. .t.a.m.a.n.h.o. .d.o. .e.s.p.a...o. .e.x.t.r.a. .a.b.a.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-L8LUO.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):169194
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.417309764447504
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:aWNYhFMDvTNjs8Gcbz8Sd06+4ljnAf+nSoMWIBXBHEtHiGYKj+Ie+I62zfXXRI5W:J1jnAy+Ie+ghI5N+YTbLqF
                                                                                                                                                                                                                                                                                      MD5:53F7FA50134F4A2F3213BB9FB86C2E43
                                                                                                                                                                                                                                                                                      SHA1:B36DDF40D9631638D3CB200912FEFB3D42D4E976
                                                                                                                                                                                                                                                                                      SHA-256:F0FA4B392CBE3E450CFAB24A36947AF7B7D5717A0CCF20B6C6A819AD39587026
                                                                                                                                                                                                                                                                                      SHA-512:D8E1C9781C9D10E44C2B67EC2FE4AA19B0C635A7E234345570C334EA4E1D93042B4D473C292489FB533D2406E2E01D205C57D04643B692715F3C53715BCD722B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.F...g.t. .d.e.m. .B.i.l.d. .e.i.n.e. .e.x.t.r.a. .D.i.m.e.n.s.i.o.n. .h.i.n.z.u.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.i.e.r.t. .d.i.e. .B.r.e.i.t.e. .d.e.s. .L.i.m.i.t.i.e.r.u.n.g.s.r.a.h.m.e.n.s.,. .o.h.n.e. .S.p.i.e.g.e.l.b.i.l.d... .D.a.s. .r.e.s.u.l.t.i.e.r.e.n.d.e. .B.i.l.d. .p.a.s.s.t. .i.n. .d.i.e. .B.r.e.i.t.e. .(.o.h.n.e. .D.e.h.n.u.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-LQJK9.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):151774
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6171405490650526
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:cUGNeTxdHc6/2ajSNYUH9LXxOVntE21X+/uclVaKSqPaevINNppuq2K/Rl0qowL:tMDHxXxONtE21X+/uclVaKSqPaevINN9
                                                                                                                                                                                                                                                                                      MD5:B5A3867180F7FD0529E00F32273DA6BD
                                                                                                                                                                                                                                                                                      SHA1:34EED3E5E4D7AFD84E96C34F72572B743C8BD6E5
                                                                                                                                                                                                                                                                                      SHA-256:7C27A1902A297BBC338A2E91757771022FAAA7274A821DF7CFCFF196FF14E329
                                                                                                                                                                                                                                                                                      SHA-512:CB1F48EF662203B1D3FFCDD18283CE534A86D9E0A9E9F17B246F7959A02525B3A092A7F6CCE99E634B0085D2133733438E380508AE8579D9287BE56A93A13AC8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.S.w.e.d.i.s.h...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=...k.e. .E.n.g.e.l.b.r.e.k.t.s.o.n...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.e.s.o.n.5.7.@.g.m.a.i.l...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.s.v._.S.E...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.S.k.i.c.k.a. .t.i.l.l. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.J.a...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.e.j...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.A.v.b.r.y.t...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.C.l.o.s.e...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.D.o.n.'.t. .a.s.k. .m.e. .a.g.a.i.n...D.e.f.L.a.n.g.N.a.m.e.=.S.t.a.n.d.a.r.d. .(.E.n.g.e.l.s.k.a.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.S.p.r...k.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.e.l.p. .u.s. .t.o. .u.p.d.a.t.e. .t.h.e. .t.r.a.n.s.l.a.t.i.o.n. .o.n. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=.B.i.l.d.n.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-MN1JQ.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):151534
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.593397829802342
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:kxy8ki8u/y0tOa26RZmOUHl9Xp0EbLrrlt//clVaKSJDtNtNNppA/Rl0q+yM:blHPXp0EbLrrlt//clVaKSJDtNtNNpu2
                                                                                                                                                                                                                                                                                      MD5:8D71A8202434B9687C68409E95357BB7
                                                                                                                                                                                                                                                                                      SHA1:0EFACB289A7DB0F19E1F428B6A5639AE06933F44
                                                                                                                                                                                                                                                                                      SHA-256:2F0ADAFE5F190D066143D2369D20893913DEE6AF96D625A9F694F1A7ED92B6DD
                                                                                                                                                                                                                                                                                      SHA-512:DF982F9069A4E8C4FC7C8BD57D612D616973F75EEA0CF85FF406AF392E70F7C3938C1FE58925CCEBE1D460E4E1287C1DE504773997F8C83CFBE70AB06C95DA9B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.C.a.t.a.l... .(.C.a.t.a.l.a.n.)...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.c.a._.E.S...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.E.n.v.i.a.r. .a. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.S.i...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.o...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.A.c.c.e.p.t.a...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.C.a.n.c.e.l...l.a...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.T.a.n.c.a...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N.o. .m.'.h.o. .t.o.r.n.i.s. .a. .p.r.e.g.u.n.t.a.r...D.e.f.L.a.n.g.N.a.m.e.=.P.e.r. .d.e.f.e.c.t.e. .(.A.n.g.l...s.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.I.d.i.o.m.a.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.e.l.p. .u.s. .t.o. .u.p.d.a.t.e. .t.h.e. .t.r.a.n.s.l.a.t.i.o.n. .o.n. .

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-MQNV4.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-OK2MV.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1746), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):171812
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.4387341821225235
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:lQpFSbOvS0rI3rk6eGGSeQx9Dh8QvGdEe+rYjZHrRI5mQ3gSSYZhd5:C7FII6eGGeCI5xwGhb
                                                                                                                                                                                                                                                                                      MD5:292CBC727EC1C20AF28E94D0235FF0C6
                                                                                                                                                                                                                                                                                      SHA1:FD8EF4B928EF63AFBC9B7D3D0AF40FD148BB3CB1
                                                                                                                                                                                                                                                                                      SHA-256:E8F9CF6664345BB4216571587B1FA751A27774D4F834D537F41B400DC0E1AA37
                                                                                                                                                                                                                                                                                      SHA-512:3DE93BA35C47C580AAD4010657FA59FDDBA84DCE7D124218C0BFE4B129093FD1B162B95BA9FD6D42916471D7F6D4B3535C767D8D868930A6FDA52B0147A6ADA6
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.i.c.i.o.n.a. .u.m.a. .d.i.m.e.n.s...o. .e.x.t.r.a. ... .i.m.a.g.e.m.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e. .a. .l.a.r.g.u.r.a. .d.o. .l.i.m.i.t.e.,. .n...o. .i.n.c.l.u.i.n.d.o. .a. .i.m.a.g.e.m. .e.s.p.e.l.h.a.d.a... .A. .i.m.a.g.e.m. .r.e.s.u.l.t.a.n.t.e. .e.n.c.a.i.x.a.r.-.s.e.-... .n.a. .l.a.r.g.u.r.a. .(.s.e.m. .a.l.o.n.g.a.m.e.n.t.o.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e. .a. .l.a.r.g.u.r.a. .d.o. .l.i.m.i.t.e.,. .n...o. .i.n.c.l.u.i.n.d.o. .a. .i.m.a.g.e.m. .e.s.p.e.l.h.a.d.a... .A. .i.m.a.g.e.m. .r.e.s.u.l.t.a.n.t.e. .e.n.c.a.i.x.a.r.-.s.e.-... .n.a. .a.l.t.u.r.a. .(.s.e.m. .a.l.o.n.g.a.m.e.n.t.o.).....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e. .o. .t.a.m.a.n.h.o. .d.o. .e.s.p.a...o. .e.x.t.r.a. .a.c.i.m.a. .d.a. .i.m.a.g.e.m.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e. .o. .t.a.m.a.n.h.o. .d.o. .e.s.p.a...o. .e.x.t.r.a. .a.b.a.i.x.o. .d.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-OU938.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):159634
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.592872877749342
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:2KCPvYOGBI28dFqHgcLlXZnRIHSSRj0eq/DVaKS+UaeuT4AfDLdtYXxh4A28c1dl:DGYHVXZnRIHSSRj0eq/DVaKS+UaeuT4s
                                                                                                                                                                                                                                                                                      MD5:70AA678CDB6BA801058375EA573D277F
                                                                                                                                                                                                                                                                                      SHA1:53A4020DD8EDA85D6DC85BC31145C83BB966FD1D
                                                                                                                                                                                                                                                                                      SHA-256:DF04B6B76809D5542D068C8387913C8A107E5060778EB7B6B4C6FB1C41AA0087
                                                                                                                                                                                                                                                                                      SHA-512:CAA49AF9345FADB9387F9BE7C5FE044C82EA327C10ED7F05D8A041AD628E067A3EE92A6E03AB36BE5F916DC173BA965A174DAE1214BD51DDB703876573EB0695
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.B.r.a.z.i.l.i.a.n. .P.o.r.t.u.g.u.e.s.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.S.o.f.t.w.a.r.e. .d.e. .A.l.t.o. .M.o.v.i.m.e.n.t.o...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.p.t._.B.R...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.E.n.v.i.a.r. .p.a.r.a. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.S.i.m...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N...o...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.C.a.n.c.e.l.a.r...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.F.e.c.h.a.r...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N...o. .p.e.r.g.u.n.t.a.r. .d.e. .n.o.v.o...D.e.f.L.a.n.g.N.a.m.e.=.D.e.f.a.u.l.t. .(.E.n.g.l.i.s.h.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.L.i.n.g.u.a.g.e.m.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.A.j.u.d.e.-.n.o.s. .a. .a.t.u.a.l.i.z.a.r. .a. .t.r.a.d.u.....o.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-OUL1V.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):161062
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.594252676835424
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:CKzxZv9/73nm8DoHO/GrTBXJmWySRjx5hooZdKKovrhaeuT4Af64ZVt9tUjGVO/Q:19MHhrTBXJnySRjx5hooZdKKozhaeuTD
                                                                                                                                                                                                                                                                                      MD5:D7E0298893931503A3B5439703F25E7B
                                                                                                                                                                                                                                                                                      SHA1:0094EBB0E1065F83F804BEE267241BD62235A417
                                                                                                                                                                                                                                                                                      SHA-256:C8F8A416C723F8146D137AC190AA952B4DE6043DB0A40CA0AA286FB235312E1C
                                                                                                                                                                                                                                                                                      SHA-512:CC06D2204AB9ABC81A7933C5C3FCD59D764FE13039557BFBADF68BDC56840848ECB1256C5F4E0AAB9564DE9FD9EB35D5E57F995B05E7E670173ECBC19527561B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.P.o.r.t.u.g.u.e.s.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.p.t._.P.T...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.E.n.v.i.a.r. .p.a.r.a. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.S.i.m...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N...o...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.C.a.n.c.e.l.a.r...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.F.e.c.h.a.r...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N...o. .p.e.r.g.u.n.t.a.r. .n.o.v.a.m.e.n.t.e...D.e.f.L.a.n.g.N.a.m.e.=.P.a.d.r...o. .(.I.n.g.l...s.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.I.d.i.o.m.a.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.A.j.u.d.e.-.n.o.s. .a. .a.t.u.a.l.i.z.a.r. .a. .t.r.a.d.u.....o. .e.m. .C.r.o.w.d.i.n...c.o.m...I.m.a.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-REBDS.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):160062
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.362351974847042
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:KRt+6MSDtH+rxYD7UW+K6Dldhh5EW35Eq1ILphq5V7I4tAKiq7fPqKSFsAq9d:S6M7T6DlV5EW35Eq1ILphq5xI4tAKiqF
                                                                                                                                                                                                                                                                                      MD5:61F246DBD8BE0EBBC91CF76F06305EDA
                                                                                                                                                                                                                                                                                      SHA1:C48AA2EC373560EAA220B141E63966C5F199A661
                                                                                                                                                                                                                                                                                      SHA-256:9E145DDFE21DF29DD6031578A5DB9A86A0073025EECA969DF4A0EEBC83C3DC11
                                                                                                                                                                                                                                                                                      SHA-512:E99CF6071F46260190E6165E115FEBE4F1A097B2E66E5122E292B95B49BD897DEC645FB655726F66EF9DD3381E5E1EAA4BB3F233923AC7C3D213B6EE19CCE0E6
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.#.:.@.0.W.=.A.L.:.0. .(.U.k.r.a.i.n.i.a.n.)...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.u.k._.U.A...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=...V.4.?.@.0.2.8.B.8. .2. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.".0.:...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=...V...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=...V.4.<.V.=.8.B.8...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=...0.:.@.8.B.8...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=...V.;.L.H.5. .=.5. .?.8.B.0.B.8...D.e.f.L.a.n.g.N.a.m.e.=...>. .7.0.<.>.2.G.C.2.0.=.=.N. .(...=.3.;.V.9.A.L.:.0.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=...>.2.0.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=...>.?.>.<.>.6.V.B.L. .=.0.<. .>.=.>.2.8.B.8. .?.5.@.5.:.;.0.4. .=.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-RLP02.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):156322
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.584505565254857
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:Mcx43f8giPiCystuzuv5vOajaP2G49gNH0SnCr0/3PPhZwwXLxmUoUl4vzIM6D23:SdOyHthjXQzIM6KK/gIAWhzKzXtdDNNz
                                                                                                                                                                                                                                                                                      MD5:EAC60B8269AC8506E7D82A5637EB8F3B
                                                                                                                                                                                                                                                                                      SHA1:884DF3551EFEDABC2A310BE1F67B37107BC30B49
                                                                                                                                                                                                                                                                                      SHA-256:7C072FAB880326703CD708D1E05BC23B7A283F50DCCC509B3755534E2818520B
                                                                                                                                                                                                                                                                                      SHA-512:B70AF546904AD69B1D2E8C75832E38033A215224B9DA2B2B5AE2E4A0A5070971D272E33B147DB4BF3F78B30795308729E97E1534EF6CA62B7D61C4DA21D19626
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.D.u.t.c.h...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.f.e.r...H.e.l.p.F.i.l.e.=.H.e.l.p.-.n.l._.N.L...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.T.o.e.v.o.e.g.e.n. .a.a.n. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.J.a...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.e.e...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.A.n.n.u.l.e.r.e.n...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.S.l.u.i.t.e.n...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.V.r.a.a.g. .m.e. .n.i.e.t. .w.e.e.r...D.e.f.L.a.n.g.N.a.m.e.=.S.t.a.n.d.a.a.r.d. .(.E.n.g.e.l.s.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.T.a.a.l.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.e.l.p. .u.s. .t.o. .u.p.d.a.t.e. .t.h.e. .t.r.a.n.s.l.a.t.i.o.n. .o.n. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=.A.f.b.e.e.l.d.i.n.g.s.n.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-RQ0NU.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):161684
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.359238901235878
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:LVCtDs3BY0KMLcjZCeq7ACkZu96Umf78j9bt/hB+ZhHMb1iav3vLmN2fZqHv:EwcQACkZk6Umf78j9bt/hB+vHMb1iavg
                                                                                                                                                                                                                                                                                      MD5:70EA80B0E993A1CF176EF9DC8E53E57B
                                                                                                                                                                                                                                                                                      SHA1:8954CA6B75D7BFDACB03B589C12F0E5B0784D208
                                                                                                                                                                                                                                                                                      SHA-256:2E067EC6EED8714531D5401A8437CEED210FD4FA16274CCFC9E27ED21AA29E68
                                                                                                                                                                                                                                                                                      SHA-512:5167DC356EA6BD676D8AB33FADE0C7614F4F2819DA718CF4BEFAAF4380EFCC7D8D7ED35F9D7EAB6F3744A5B76BB4A893FABF2F9BCB0E3A9CF708CA2B18D17522
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=. .C.A.A.:.8.9. .(.R.u.s.s.i.a.n.)...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.r.u._.R.U...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=...B.?.@.0.2.8.B.L. .2. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=...0...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=...5.B...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=...B.<.5.=.0...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=...0.:.@.K.B.L...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=...>.;.L.H.5. .=.5. .A.?.@.0.H.8.2.0.B.L...D.e.f.L.a.n.g.N.a.m.e.=...>. .C.<.>.;.G.0.=.8.N. .(...=.3.;.8.9.A.:.8.9.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=./.7.K.:.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=...>.<.>.3.8.B.5. .=.0.<. .>.1.=.>.2.8.B.L. .?.5.@.5.2.>.4. .=.0. .C.r.o.w.d.i.n...

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-S2CP4.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1683), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):163640
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.4643220859857466
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:tId+7qlkNIZuhkdp59DXKtsL1g7j76i+AbfxpVQq9jiPPc08xOIHL20iN8vm5DZb:tIFF2jlMiwqW
                                                                                                                                                                                                                                                                                      MD5:797C3C3680AB78677015A18EAEFEB6B9
                                                                                                                                                                                                                                                                                      SHA1:2AE1CD00C31422D42298A22A6F7A17DB20C4F75A
                                                                                                                                                                                                                                                                                      SHA-256:977CB0D3C6E762C2577370F35680273F889D105B4DEA56729EF6BE44B1D4DBE3
                                                                                                                                                                                                                                                                                      SHA-512:BFD4743B5F37ECAE858AD017159941CE29BB8D0F6A7D2FF0768F88385F6F2D77224A629C148AB8E2E3F28B1DF73B91FBBAEEB929E71776F877EA647A606197CB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.L.i.s..... .y.l.i.m.....r...i.s.e.n. .u.l.o.t.t.u.v.u.u.d.e.n. .k.u.v.a.a.n.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.M.....r.i.t.t..... .r.a.j.a.u.s.k.e.h.y.k.s.e.n. .l.e.v.e.y.d.e.n.,. .e.i. .p.e.i.l.i.k.u.v.a.a... .T.u.l.o.k.s.e.n.a. .o.l.e.v.a. .k.u.v.a. .s.o.p.i.i. .l.e.v.e.y.d.e.l.l.e. .(.v.e.n.y.t.t...m...t.t...).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.M.....r.i.t.t..... .r.a.j.a.u.s.k.e.h.y.k.s.e.n. .k.o.r.k.e.u.d.e.n.,. .e.i. .p.e.i.l.i.k.u.v.a.a... .T.u.l.o.k.s.e.n.a. .o.l.e.v.a. .k.u.v.a. .s.o.v.e.l.t.u.u. .(.v.e.n.y.t.t...m...t.t...). .k.o.r.k.e.u.t.t.a.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.M.....r.i.t.t..... .y.l.i.m.....r...i.s.e.n. .t.i.l.a.n. .k.o.o.n. .k.u.v.a.n. .y.l...p.u.o.l.e.l.l.a.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.M.....r.i.t.t..... .k.u.v.a.n. .a.l.a.p.u.o.l.e.l.l.a. .o.l.e.v.a.n. .l.i.s...t.i.l.a.n.....T.a.s.k.3.D.I.m.a.g.e.L.e.f.t.M.a.r.g.i.n.H.e.l.p.=.M.....r.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-SKI8O.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-TRHK1.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1711), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):182368
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.4250587097222382
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:gLW/DyxXMgOS1SLxlojeWahTM1GgKXE8QfLagcyMshhImjOzeLgMIFI06rDG7ia1:TLYkLxOjeWqEsQhmzM+cyYFS
                                                                                                                                                                                                                                                                                      MD5:1A444F16866C3AA1916760DFD4A77E4C
                                                                                                                                                                                                                                                                                      SHA1:50869337A75BABD2127D71ABC7168AC1E0F96118
                                                                                                                                                                                                                                                                                      SHA-256:F612FD7984EAE9D1F53195F5A5534A5835C147DB01B84B963D72789479F0BEC0
                                                                                                                                                                                                                                                                                      SHA-512:00F300A669E420B7B0AE19D9E03261381A04C1C002671A45666D9CF4A9B83D9577A24ECDA1AF8797DAEBB3EEF54CDC68C37C18F93A2E42CC5DDFFEB22B5A8557
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.j.o.u.t.e. .u.n.e. .d.i.m.e.n.s.i.o.n. .s.u.p.p.l...m.e.n.t.a.i.r.e. ... .l.'.i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D...f.i.n.i.t. .l.a. .l.a.r.g.e.u.r. .d.u. .c.a.d.r.e. .d.e. .l.i.m.i.t.a.t.i.o.n.,. ... .l.'.e.x.c.l.u.s.i.o.n. .d.e. .l.'.i.m.a.g.e. .m.i.r.o.i.r... .L.'.i.m.a.g.e. .r...s.u.l.t.a.n.t.e. .s.e.r.a. .f.o.n.c.t.i.o.n. .d.e. .l.a. .l.a.r.g.e.u.r. .(.s.a.n.s. ...t.i.r.e.m.e.n.t.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D...f.i.n.i.t. .l.a. .h.a.u.t.e.u.r. .d.u. .c.a.d.r.e. .d.e. .l.i.m.i.t.a.t.i.o.n.,. ... .l.'.e.x.c.l.u.s.i.o.n. .d.e. .l.'.i.m.a.g.e. .m.i.r.o.i.r... .L.'.i.m.a.g.e. .r...s.u.l.t.a.n.t.e. .s.e.r.a. .f.o.n.c.t.i.o.n. .d.e. .l.a. .h.a.u.t.e.u.r. .(.s.a.n.s. ...t.i.r.e.m.e.n.t.).....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D...f.i.n.i.t. .l.a. .t.a.i.l.l.e. .d.e. .l.'.e.s.p.a.c.e. .s.u.p.p.l...m.e.n.t.a.i.r.e. .a.u.-.d.e.s.s.u.s. .d.e. .l.'.i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-TU4SP.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1792), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):168750
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.413054703465746
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:vsWjM5TNjG8Jcbz8Sd06+4KjnA4+nZoMWIBXBHEtHiGYKj+Ie+5Z6azfXXRI5NkO:F6jnAm+Ie+ThI5fjYZLqF
                                                                                                                                                                                                                                                                                      MD5:E543FC1F8151BB63D66CF401AF114ED9
                                                                                                                                                                                                                                                                                      SHA1:744DEE3A857A3CE0DD565FA647FC2539CC501780
                                                                                                                                                                                                                                                                                      SHA-256:1FEAD2D5BA4E3330FD4490B1B72A80908946D0CA802EAEA380C76DDDC73DB223
                                                                                                                                                                                                                                                                                      SHA-512:93BD5260A4D7AD172039423D1217D5C4862469A63DE2D359970CE83A1B0FEEA0463BFC72E5DE9AC7BCA8070DD71B5F66EE38F19F1746D30B2C952B9EE3469AB4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.A.d.d.s. .a.n. .e.x.t.r.a. .d.i.m.e.n.s.i.o.n. .t.o. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .w.i.d.t.h. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .t.h.e. .w.i.d.t.h. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.).....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .h.e.i.g.h.t. .o.f. .t.h.e. .l.i.m.i.t.i.n.g. .f.r.a.m.e.,. .n.o.t. .i.n.c.l.u.d.i.n.g. .t.h.e. .m.i.r.r.o.r. .i.m.a.g.e... .T.h.e. .r.e.s.u.l.t.i.n.g. .i.m.a.g.e. .w.i.l.l. .f.i.t. .(.w.i.t.h.o.u.t. .s.t.r.e.t.c.h.i.n.g.). .t.h.e. .h.e.i.g.h.t.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f. .t.h.e. .e.x.t.r.a. .s.p.a.c.e. .a.b.o.v.e. .t.h.e. .i.m.a.g.e.....T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=.D.e.f.i.n.e.s. .t.h.e. .s.i.z.e. .o.f.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-U6QK1.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):159994
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5637735612442523
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:YoSoPenQqwWxbUDcSCpi/S3Izz2a2vHibOG1ePBAh3rzSddL4OPM7gvogo5daeQV:dnKHkePBABrzSddL4OPM7gvogo5daeQV
                                                                                                                                                                                                                                                                                      MD5:BDF3E1545747D4C0DB67E307316B9B6D
                                                                                                                                                                                                                                                                                      SHA1:8443962CB3E082F5C5021ADCDD015B602B42CA70
                                                                                                                                                                                                                                                                                      SHA-256:93EFD74DD83257E290226DBA1FED416DC5CBBEFC0E5130A93DDF835B6D7061BB
                                                                                                                                                                                                                                                                                      SHA-512:D2756D217F9752072765A45BCFA1B1AEAF7F0193A044BCD3E7FC33FD621E1AD935A8D3F337E4E1D24215EAEA48C808B48D6A5402DCD4CF37A6E062E3F1C1FF31
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.I.t.a.l.i.a.n...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m...H.e.l.p.F.i.l.e.=.H.e.l.p.-.i.t._.I.T...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.I.n.v.i.a. .a. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.S.i...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.o...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.A.n.n.u.l.l.a...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.C.h.i.u.d.i...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N.o.n. .c.h.i.e.d.e.r.l.o. .p.i.....D.e.f.L.a.n.g.N.a.m.e.=.P.r.e.d.e.f.i.n.i.t.o. .(.E.n.g.l.i.s.h.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.L.i.n.g.u.a.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.A.i.u.t.a.c.i. .a.d. .a.g.g.i.o.r.n.a.r.e. .l.a. .t.r.a.d.u.z.i.o.n.e. .s.u. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-UF06K.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):155752
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5895441543792983
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:1TmtvbkYZj3xYLLPHKzyK0SbLrrlt//clVaKSJDtNtNNppA/Rl0qeyM:VDHmyK0SbLrrlt//clVaKSJDtNtNNpu2
                                                                                                                                                                                                                                                                                      MD5:679D0A5423446FF231BF24C91D949347
                                                                                                                                                                                                                                                                                      SHA1:4879E16C64D2DED26A2340D8231EA12E3F351D68
                                                                                                                                                                                                                                                                                      SHA-256:EFBEA5F008D03CB64981775C8ACB4A59EAF86DB69F18394926B4D55436C2D16F
                                                                                                                                                                                                                                                                                      SHA-512:71D6F50D5754B50073428F8A7873AE62503FF894BB9E2B0EFC6B1B10D46C0547E9AA00CED40D894E56DAFB926A1F7713A652AA8FB134F63D5235BA535BEC17CB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.]...L.a.n.g.u.a.g.e.N.a.m.e.=.E.s.p.a...o.l...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.T.r.a.n.s.l.a.t.o.r.M.x...T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.t.r.a.n.s.l.a.t.o.r.m.x.@.l.i.v.e...c.o.m...m.x...H.e.l.p.F.i.l.e.=.H.e.l.p.-.e.s._.E.S...t.x.t.....[.T.e.x.t.]...A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.E.n.v.i.a.r. .a. .I.m.B.a.t.c.h...D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.S.i...D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.o...D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K...D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.C.a.n.c.e.l.a.r...D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.C.e.r.r.a.r...D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.N.o. .v.o.l.v.e.r. .a. .p.r.e.g.u.n.t.a.r...D.e.f.L.a.n.g.N.a.m.e.=.D.e.f.a.u.l.t. .(.I.n.g.l...s.)...L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.I.d.i.o.m.a.:...O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.A.y...d.a.n.o.s. .a. .a.c.t.u.a.l.i.z.a.r. .l.a. .t.r.a.d.u.c.c.i...n. .e.n. .C.r.o.w.d.i.n...c.o.m...I.m.a.g.e.N.a.m.e.L.a.b.e.l...C.a.p.t.i.o.n.=.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-UM0OK.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (778), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):76582
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.804221361129128
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:TZMhztLQVB1dRj3WXVCaSKyIXNhvdQxKnXo2Cimkvsydgo3WMEg+pdOFtqd:TUL4Pj3WXVPHyIbvdQxKnXoSO
                                                                                                                                                                                                                                                                                      MD5:E8B319C9BB9F0AAAFF40259B5AA411BB
                                                                                                                                                                                                                                                                                      SHA1:B52F06A95F76DB4430D9C3EBED462713E79875EB
                                                                                                                                                                                                                                                                                      SHA-256:129ABDE61BF655411A510ADCC9C1CFE0157D7E0BC16819FF53A0EA927D50F604
                                                                                                                                                                                                                                                                                      SHA-512:7E6FF456433426069D937E948735849034C0C72ADDC89611AFFEBDCAD5AC0EC111F4A99392CDBDF132BB7E698E9CC7404A054DC39C48C56C91B203B130C27F20
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=.:N.V.P.m.R...Y.v:\.[.0..T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=..[INP.6R'^.v.[.^...N.S.b\..P.0.u.b.v.V.P.\...T.[.^...N.b8O...0..T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=..[INP.6RFh.v..^...N.S.b\..P.0.u.b.v.V.P.\...T...e...b8O....^.0..T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=..[IN.V.P.N.e.YYOzz...v'Y.\.0..T.a.s.k.3.D.I.m.a.g.e.B.o.t.t.o.m.M.a.r.g.i.n.H.e.l.p.=..[IN.V.P.N.e.YYOzz...v'Y.\.0..T.a.s.k.3.D.I.m.a.g.e.L.e.f.t.M.a.r.g.i.n.H.e.l.p.=.(W.V.P.].O.[IN...Y.vzz...0..T.a.s.k.3.D.I.m.a.g.e.R.i.g.h.t.M.a.r.g.i.n.H.e.l.p.=.(W.V.P.S.O.[IN...Y.vzz...0..T.a.s.k.3.D.I.m.a.g.e.A.n.g.l.e.H.e.l.p.=..[IN.v.[.N.W.vt..el. .3.D. .zz..-N.V.P.v..^.0..T.a.s.k.3.D.I.m.a.g.e.D.e.p.t.h.H.e.l.p.=..[INof.m.0..T.a.s.k.3.D.I.m.a.g.e.U.p.D.o.w.n.P.o.s.H.e.l.p.=..[IN.V.P.v.W.vMOn..0..T.a.s.k.3.D.I.m.a.g.e.S.h.o.w.R.e.f.l.e.c.t.i.o.n.H.e.l.p.=..Y.g..-Ndk..y....\.R.^.N*NJS...f.V.P.0..T.a.s.k.3.D.I.m.a.g.e.R.e.f.l.e.c.t.i.o.n.S.t.a.r.t.H.e.l.p.=..[IN.N

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-USUHG.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1640), with CR line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):178348
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.1138819714129555
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:Y69PntzuSSnSE/OFWXCU8FFWnFj4kqexgDapEh7YeYPwx:XsSSnSE/CWXmEFj4kqugDapEh7Yevx
                                                                                                                                                                                                                                                                                      MD5:9291CA4C1942764FEA0F3820A8418D7B
                                                                                                                                                                                                                                                                                      SHA1:6A03033522CFAD139CCB105C28686206571EEC35
                                                                                                                                                                                                                                                                                      SHA-256:2F1C1F3231AB3682859DA6032C082E6AA979343506EE0E476D999971C811AF5B
                                                                                                                                                                                                                                                                                      SHA-512:39DDEDFFAE904780ECD716028BA6B5EB6FF17546A18077E3FAA6CDF9E609F327AAA46426384201E2F177A9DE562064A60F2340FA9C1771B11C65DD11754EA257
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.H.e.l.p.]...T.a.s.k.3.D.I.m.a.g.e.H.e.l.p.=...>.1.0.2.;.O.5.B. .?.5.@.A.?.5.:.B.8.2.C. .8.7.>.1.@.0.6.5.=.8.N.....T.a.s.k.3.D.I.m.a.g.e.W.i.d.t.h.H.e.l.p.=...0.4.0.5.B. .H.8.@.8.=.C. .>.3.@.0.=.8.G.8.B.5.;.L.=.>.9. .@.0.<.:.8.,. .=.5. .2.:.;.N.G.0.O. .7.5.@.:.0.;.L.=.>.5. .>.B.@.0.6.5.=.8.5... .<.b.r.>...7.>.1.@.0.6.5.=.8.5.,. .?.>.;.C.G.5.=.=.>.5. .2. .@.5.7.C.;.L.B.0.B.5.,. .1.C.4.5.B. .0.4.0.?.B.8.@.>.2.0.=.>. .(.=.>. .=.5. .@.0.A.B.O.=.C.B.>.). .<.b.r.>.:. .4.0.=.=.>.9. .H.8.@.8.=.5.....T.a.s.k.3.D.I.m.a.g.e.H.e.i.g.h.t.H.e.l.p.=...0.4.0.5.B. .2.K.A.>.B.C. .>.3.@.0.=.8.G.8.B.5.;.L.=.>.9. .@.0.<.:.8.,. .=.5. .2.:.;.N.G.0.O. .7.5.@.:.0.;.L.=.>.5. .>.B.@.0.6.5.=.8.5... .<.b.r.>...7.>.1.@.0.6.5.=.8.5.,. .?.>.;.C.G.5.=.=.>.5. .2. .@.5.7.C.;.L.B.0.B.5.,. .1.C.4.5.B. .0.4.0.?.B.8.@.>.2.0.=.>. .(.=.>. .=.5. .@.0.A.B.O.=.C.B.>.). .<.b.r.>.:. .4.0.=.=.>.9. .2.K.A.>.B.5.....T.a.s.k.3.D.I.m.a.g.e.T.o.p.M.a.r.g.i.n.H.e.l.p.=...0.4.0.5.B. .@.0.7.<.5.@. .4.>.?.>.;.=.8.B.5.;.L.=.>.3.>. .?.@.>.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Languages\is-V5P70.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):156026
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.612283753716502
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:ijE8miOkFyotISw6Jp8OclF1lD8YbxhBBfXl1OfP4ogjTvPvPPZjgbNGan7l8qui:P9lnlD8UxhBBfXl1OfP4ogjTvPvPPZW9
                                                                                                                                                                                                                                                                                      MD5:0BBC2DA025CED1FD88DECA5374D42815
                                                                                                                                                                                                                                                                                      SHA1:65458F80127726BBB72CD2B7F816219EE3623A71
                                                                                                                                                                                                                                                                                      SHA-256:90358B347206EFB49CC210E41A4048CB45E23B83D96BE3BB3940B535882A1E93
                                                                                                                                                                                                                                                                                      SHA-512:D9DAC4D64972AE69C9C29B35FF32F4FD229EC6725E034F56E48B2F7045D74EE3ED1744ACC60DD80C2B035229242A35E0FDDD20E942B5A5355AC3F8252B6552FA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.O.p.t.i.o.n.s.].....L.a.n.g.u.a.g.e.N.a.m.e.=.E.n.g.l.i.s.h.....T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.=.H.i.g.h. .M.o.t.i.o.n. .S.o.f.t.w.a.r.e.....T.r.a.n.s.l.a.t.i.o.n.A.u.t.h.o.r.E.m.a.i.l.=.i.m.b.a.t.c.h.@.h.i.g.h.m.o.t.i.o.n.s.o.f.t.w.a.r.e...c.o.m.....H.e.l.p.F.i.l.e.=.H.e.l.p.-.e.n._.E.n...t.x.t.........[.T.e.x.t.].....A.d.d.T.o.I.m.B.a.t.c.h.S.h.e.l.l.C.o.m.m.a.n.d.=.S.e.n.d. .t.o. .I.m.B.a.t.c.h.....D.l.g.B.t.n.Y.e.s...C.a.p.t.i.o.n.=.Y.e.s.....D.l.g.B.t.n.N.o...C.a.p.t.i.o.n.=.N.o.....D.l.g.B.t.n.O.k...C.a.p.t.i.o.n.=.O.K.....D.l.g.B.t.n.C.a.n.c.e.l...C.a.p.t.i.o.n.=.C.a.n.c.e.l.....D.l.g.B.t.n.C.l.o.s.e...C.a.p.t.i.o.n.=.C.l.o.s.e.....D.l.g.D.o.n.t.A.s.k...C.a.p.t.i.o.n.=.D.o.n.'.t. .a.s.k. .m.e. .a.g.a.i.n.....D.e.f.L.a.n.g.N.a.m.e.=.D.e.f.a.u.l.t. .(.E.n.g.l.i.s.h.).....L.a.n.g.u.a.g.e.s...C.a.p.t.i.o.n.=.L.a.n.g.u.a.g.e.:.....O.p.t.i.o.n.s...H.e.l.p.T.r.a.n.s.l.a.t.e...H.i.n.t.=.H.e.l.p. .u.s. .t.o. .u.p.d.a.t.e. .t.h.e. .t.r.a.n.s.l.a.t.i.o.n. .o.n. .C.r.o.w.d.i.n...c.o.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\License-En.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1412
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.804308173476608
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:9FjqCTe9G6+QbqNgl+3mMIRW0QgbEL8JhQelqEFVL5IFqKDm2xXljDzcv:/eQ6vrl+WJoTH4J2e9bLGq8m2x16
                                                                                                                                                                                                                                                                                      MD5:45E2BE1D7642CAE2B13F8A9F076F75C0
                                                                                                                                                                                                                                                                                      SHA1:FB0EC0663C53EF439A437FBF4B64B0E603632231
                                                                                                                                                                                                                                                                                      SHA-256:F6538020DF9EA8F67B72F3C4FC8374EE585223628F10B0725A35E5B12C4CD462
                                                                                                                                                                                                                                                                                      SHA-512:3D7A9C9D7F607A1DBA7188F42A791A9018625D5CF9DDDEC5CDBD3812E108A4CA1F176E581C87B4DE6BE1E2D499022850D70F0783D5189CD677AE9B36FED47DE9
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:ImBatch License Agreement..==================..IF YOU DOWNLOAD OR USE THIS PROGRAM YOU AGREE TO THESE TERMS.....License Agreement and Warranty Disclaimer....You should carefully read the following terms and conditions before using this software. Use of this software indicates your acceptance of these terms and conditions. If you do not agree with them, do not use the software.....Disclaimer of Warranty..---------------------------....ImBatch (this software) is provided "as-is" and without warranty of any kind, express, implied or otherwise, including without limitation, any warranty of merchantability or fitness for a particular purpose. ....In no event shall the author of this software be held liable for data loss, damages, loss of profits or any other kind of loss while using or misusing this software.....License..---------------------------....ImBatch is free for personal and educational (including non-profit organization) use. In these cases, you are granted the right to use and to

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Plugins\heif\heif.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):88064
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.336338864510238
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:DpqYDLBe26qMqVyor9ucs3ofMZVsZJRvnsWacdydOGfm1Z5pz3D:HUbqvVyLcs3orPRtydrfm1Z5pz3D
                                                                                                                                                                                                                                                                                      MD5:C569CB52104283884941E21102ADCF95
                                                                                                                                                                                                                                                                                      SHA1:CD285C2808DBF4BC066BDAC52127504A012C9DD4
                                                                                                                                                                                                                                                                                      SHA-256:CBE054911D25C4D6C0A9C9E85F5F62F9A520795A2EC39ED623C84B26CD622EFE
                                                                                                                                                                                                                                                                                      SHA-512:C45573A80A02886A55345BD9BA6E681F88CD19C147678A79365E113A3CF6E3098223B5571F47177BBF4495AD44997978C6F825C8E338824F3C8395FF343A1B66
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........j..j..j......j.......j......j......j......j......j......j..=...j..j...j..=...j..=...j..=.z.j..=...j..Rich.j..........PE..L...d..`...........!................! ....................................................@.........................pH.......I..<....................................<..p............................<..@...............p............................text............................... ..`.rdata...b.......d..................@..@.data........`.......:..............@....rsrc................F..............@..@.reloc...............H..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Plugins\heif\is-A1M78.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):88064
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.336338864510238
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:DpqYDLBe26qMqVyor9ucs3ofMZVsZJRvnsWacdydOGfm1Z5pz3D:HUbqvVyLcs3orPRtydrfm1Z5pz3D
                                                                                                                                                                                                                                                                                      MD5:C569CB52104283884941E21102ADCF95
                                                                                                                                                                                                                                                                                      SHA1:CD285C2808DBF4BC066BDAC52127504A012C9DD4
                                                                                                                                                                                                                                                                                      SHA-256:CBE054911D25C4D6C0A9C9E85F5F62F9A520795A2EC39ED623C84B26CD622EFE
                                                                                                                                                                                                                                                                                      SHA-512:C45573A80A02886A55345BD9BA6E681F88CD19C147678A79365E113A3CF6E3098223B5571F47177BBF4495AD44997978C6F825C8E338824F3C8395FF343A1B66
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........j..j..j......j.......j......j......j......j......j......j..=...j..j...j..=...j..=...j..=.z.j..=...j..Rich.j..........PE..L...d..`...........!................! ....................................................@.........................pH.......I..<....................................<..p............................<..@...............p............................text............................... ..`.rdata...b.......d..................@..@.data........`.......:..............@....rsrc................F..............@..@.reloc...............H..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Plugins\imagemagick\License.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (951)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):10839
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.544881527495177
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:VTqhCr2/tVo4UTo1v1FNnFj6n5Gv2q1CVzhOCoHqxLJbzjw+:VTqhCGJUk19fKs4HbLNJ
                                                                                                                                                                                                                                                                                      MD5:BE2B55739440967662A7D317879322C7
                                                                                                                                                                                                                                                                                      SHA1:C89416FA10E64DAC183B15592116639CD96512F1
                                                                                                                                                                                                                                                                                      SHA-256:DC00ECF5E0C74BC3E3B7069D82ADA9B757605FBE3A70B3DC44F66107321113BF
                                                                                                                                                                                                                                                                                      SHA-512:65C041A5EB7B906F83DF691CFA8FCCD6FCF316D3E5B310F737753345C78CE2CD7E4BF88001F137EC251B38FFE39777163F7E992DE2D7837B92B6729C0F5E7A1C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:The authoratitive ImageMagick license can be found at.http://www.imagemagick.org/script/license.php and ImageMagick notices at.http://www.imagemagick.org/www/Notice.html...Before we get to the text of the license lets just review what the license says in simple terms:..It allows you to:.. * freely download and use ImageMagick software, in whole or in part, for personal, company internal, or commercial purposes;. * use ImageMagick software in packages or distributions that you create...It forbids you to:.. * redistribute any piece of ImageMagick-originated software without proper attribution;. * use any marks owned by ImageMagick Studio LLC in any way that might state or imply that ImageMagick Studio LLC endorses your distribution;. * use any marks owned by ImageMagick Studio LLC in any way that might state or imply that you created the ImageMagick software in question...It requires you to:.. * include a copy of the license in any redistribution you may make that inclu

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Plugins\imagemagick\imagemagick.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3919872
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.989343641832938
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:9OlZ21sJV49MR30vVqgk9Mm4q+As1T+HLq6zvC:9G//4lkmm4S7vC
                                                                                                                                                                                                                                                                                      MD5:8679002F455AB7EBB0A531FDB9FE3E60
                                                                                                                                                                                                                                                                                      SHA1:4C325864A39441D0AC169BAC5487637126F4F546
                                                                                                                                                                                                                                                                                      SHA-256:6705FBC3479BD0AD91A8A821AAC9B8DE7A5001AFD9AD7F9C0D0174265D7CE528
                                                                                                                                                                                                                                                                                      SHA-512:6760A09A32C0A709CE362C7371438D0F03C5709F905A7DE6AB1578267FB92631B365FA84D5C0436BEDB4E540EFDBF33AA99D336E431642E30362B493C45E1E1B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................+.......+...l...........+...............2.......2.......+.......+.......+.......Rich............................PE..L......C...........!.....`#..0......S/"......p#...............................>....................................../5.....T!5..............................P<...............................4......................p#..............................text....U#......`#................. ..`.rdata.......p#......p#.............@..@.data........@5..0...@5.............@....tls.........@<......p9.............@....reloc...H...P<..P....9.............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Plugins\imagemagick\is-1E3EV.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3919872
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.989343641832938
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:9OlZ21sJV49MR30vVqgk9Mm4q+As1T+HLq6zvC:9G//4lkmm4S7vC
                                                                                                                                                                                                                                                                                      MD5:8679002F455AB7EBB0A531FDB9FE3E60
                                                                                                                                                                                                                                                                                      SHA1:4C325864A39441D0AC169BAC5487637126F4F546
                                                                                                                                                                                                                                                                                      SHA-256:6705FBC3479BD0AD91A8A821AAC9B8DE7A5001AFD9AD7F9C0D0174265D7CE528
                                                                                                                                                                                                                                                                                      SHA-512:6760A09A32C0A709CE362C7371438D0F03C5709F905A7DE6AB1578267FB92631B365FA84D5C0436BEDB4E540EFDBF33AA99D336E431642E30362B493C45E1E1B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................+.......+...l...........+...............2.......2.......+.......+.......+.......Rich............................PE..L......C...........!.....`#..0......S/"......p#...............................>....................................../5.....T!5..............................P<...............................4......................p#..............................text....U#......`#................. ..`.rdata.......p#......p#.............@..@.data........@5..0...@5.............@....tls.........@<......p9.............@....reloc...H...P<..P....9.............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Plugins\imagemagick\is-AS8B9.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (951)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):10839
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.544881527495177
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:VTqhCr2/tVo4UTo1v1FNnFj6n5Gv2q1CVzhOCoHqxLJbzjw+:VTqhCGJUk19fKs4HbLNJ
                                                                                                                                                                                                                                                                                      MD5:BE2B55739440967662A7D317879322C7
                                                                                                                                                                                                                                                                                      SHA1:C89416FA10E64DAC183B15592116639CD96512F1
                                                                                                                                                                                                                                                                                      SHA-256:DC00ECF5E0C74BC3E3B7069D82ADA9B757605FBE3A70B3DC44F66107321113BF
                                                                                                                                                                                                                                                                                      SHA-512:65C041A5EB7B906F83DF691CFA8FCCD6FCF316D3E5B310F737753345C78CE2CD7E4BF88001F137EC251B38FFE39777163F7E992DE2D7837B92B6729C0F5E7A1C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:The authoratitive ImageMagick license can be found at.http://www.imagemagick.org/script/license.php and ImageMagick notices at.http://www.imagemagick.org/www/Notice.html...Before we get to the text of the license lets just review what the license says in simple terms:..It allows you to:.. * freely download and use ImageMagick software, in whole or in part, for personal, company internal, or commercial purposes;. * use ImageMagick software in packages or distributions that you create...It forbids you to:.. * redistribute any piece of ImageMagick-originated software without proper attribution;. * use any marks owned by ImageMagick Studio LLC in any way that might state or imply that ImageMagick Studio LLC endorses your distribution;. * use any marks owned by ImageMagick Studio LLC in any way that might state or imply that you created the ImageMagick software in question...It requires you to:.. * include a copy of the license in any redistribution you may make that inclu

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Plugins\is-QE09U.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1884
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6311767214951924
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:rpGYfh5WxavAGhCX1abCnJQl5eeiWHXCENP:rEYpkAQwCJ6iECsP
                                                                                                                                                                                                                                                                                      MD5:05DDCB5E96A261F17C52255CF9785DE7
                                                                                                                                                                                                                                                                                      SHA1:7D631AF3FB55FA375511B858F894D8286A6F8872
                                                                                                                                                                                                                                                                                      SHA-256:A9379EFB3FA29FB66C937DE7C87E539EAEAD57315A5F448EC788E94253E4460F
                                                                                                                                                                                                                                                                                      SHA-512:3A69B8525C96A1063D9FAD04C3C9FAAFDE8BAEBB6E4CBBD11F77C97E49C02A93546AA2C3A1519AD454F0B9F99BC1C9E93DADDF8F613F55AEA44567B736E8FC5A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.i.m.a.g.e.m.a.g.i.c.k.].....I.n.t.e.r.n.a.l.N.a.m.e.=.i.m.a.g.e.m.a.g.i.c.k.....F.i.l.e.N.a.m.e.=.P.l.u.g.i.n.s.\.i.m.a.g.e.m.a.g.i.c.k.\.i.m.a.g.e.m.a.g.i.c.k...d.l.l.....P.l.u.g.i.n.N.a.m.e.=.I.m.a.g.e.M.a.g.i.c.k. .P.l.u.g.i.n.....A.c.t.i.v.e.=.1.....D.e.s.c.r.i.p.t.i.o.n.=.I.m.a.g.e.M.a.g.i.c.k. .a.d.d.s. .s.u.p.p.o.r.t.s. .f.o.r. .m.o.r.e. .t.h.a.n. .9.0. .i.m.a.g.e. .f.o.r.m.a.t.s.,. .i.n.c.l.u.d.i.n.g. .P.C.D.,. .D.I.C.O.M.,. .C.U.T.,. .A.V.S.,. .C.I.N.,. .D.O.T.,. .D.P.X.,. .F.I.T.S.,. .F.P.X.,. .H.D.F.,. .M.A.T.,. .M.I.F.F.,. .M.T.V.,. .P.A.L.M.,. .P.C.L.,. .P.I.C.T.,. .P.I.X.,. .P.W.P.,. .R.L.A.,. .S.G.I.,. .S.U.N.,. .S.V.G.,. .T.T.F.,. .V.I.F.F.,. .X.B.M.,. .X.C.F.,. .X.P.M.....E.x.c.l.u.d.e.d.E.x.t.s.=.........[.j.b.i.g.].....I.n.t.e.r.n.a.l.N.a.m.e.=.j.b.i.g.....F.i.l.e.N.a.m.e.=.P.l.u.g.i.n.s.\.j.b.i.g.\.j.b.i.g.l.i.b...d.l.l.....P.l.u.g.i.n.N.a.m.e.=.J.B.I.G. .P.l.u.g.i.n.....A.c.t.i.v.e.=.1.....D.e.s.c.r.i.p.t.i.o.n.=.J.B.I.G.-.K.I.T. .i.m.p.l.e.m.e.n.t.s. .a. .h.i.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Plugins\jbig\is-9AH33.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):84992
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.171088158859144
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:jQm1UtRXF0UwPy7aHxi9VCfyqTYE+roOkXnjXN5XQ4pm6MetGsGp:jQ6UX70w9VCfyqIkjXHA49/K
                                                                                                                                                                                                                                                                                      MD5:7955C4A9D51FAFF49EC290D1F414D8FC
                                                                                                                                                                                                                                                                                      SHA1:D84ADFF2A1631E479184E03A566442A2BE8A9C6F
                                                                                                                                                                                                                                                                                      SHA-256:277B156C9A562C082F75F13DCE1126DB50AE5FFBEC4AA9715FAAD3D8229E0FB1
                                                                                                                                                                                                                                                                                      SHA-512:3EF826CFC7609E40787FBE9F21F6687CFC3F35995F6031C12D6799AA010500F4D06B8FFF99E92AA3A731C8D87EB18319183E31897521D06FA924F2FD972F1B3B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....|F...........#.........p....................@.....................................................................f....p..L...............................`....................................................................................text............................... ..`.data....p.......Z..................@....tls.........`.......2..............@....idata.......p.......4..............@..@.edata...............:..............@..@.rsrc................<..............@..@

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Plugins\jbig\is-C9MDF.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1892
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.880192234044488
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:T8ojVAPtTJB4/2pUw80+znbytEH1aPGIpfw2WxXxAcJD:T8ojVAPtTs/asnGA1aPbfyxXWg
                                                                                                                                                                                                                                                                                      MD5:7F4E786EB059A03C54D7EBA4DA5A07A2
                                                                                                                                                                                                                                                                                      SHA1:92F660A17F38376D7FD4F2EA63638EB494D6896F
                                                                                                                                                                                                                                                                                      SHA-256:3ACD2089E334C56E442DA325CDDBE32F7BC35DC765F6983C0174EE1997A05CFD
                                                                                                                                                                                                                                                                                      SHA-512:15EDBDD02C3728B24897B6BE084473672C7F863265977891397BC5532AA5514FFFC49353854F5C017AB8B5CDF0768EB4B966B44D2B0318C82F0C95D4EC278979
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:/*.. * Portable Free JBIG image compression library.. *.. * Markus Kuhn -- http://www.cl.cam.ac.uk/~mgk25/.. *.. * $Id: jbig.c,v 1.22 2004-06-11 15:17:06+01 mgk25 Exp $.. *.. * This module implements a portable standard C encoder and decoder.. * using the JBIG lossless bi-level image compression algorithm as.. * specified in International Standard ISO 11544:1993 or equivalently.. * as specified in ITU-T Recommendation T.82. See the file jbig.doc.. * for usage instructions and application examples... *.. * This program is free software; you can redistribute it and/or modify.. * it under the terms of the GNU General Public License as published by.. * the Free Software Foundation; either version 2 of the License, or.. * (at your option) any later version... *.. * This program is distributed in the hope that it will be useful,.. * but WITHOUT ANY WARRANTY; without even the implied warranty of.. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. * GNU General

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Plugins\jbig\jbiglib.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):84992
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.171088158859144
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:jQm1UtRXF0UwPy7aHxi9VCfyqTYE+roOkXnjXN5XQ4pm6MetGsGp:jQ6UX70w9VCfyqIkjXHA49/K
                                                                                                                                                                                                                                                                                      MD5:7955C4A9D51FAFF49EC290D1F414D8FC
                                                                                                                                                                                                                                                                                      SHA1:D84ADFF2A1631E479184E03A566442A2BE8A9C6F
                                                                                                                                                                                                                                                                                      SHA-256:277B156C9A562C082F75F13DCE1126DB50AE5FFBEC4AA9715FAAD3D8229E0FB1
                                                                                                                                                                                                                                                                                      SHA-512:3EF826CFC7609E40787FBE9F21F6687CFC3F35995F6031C12D6799AA010500F4D06B8FFF99E92AA3A731C8D87EB18319183E31897521D06FA924F2FD972F1B3B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....|F...........#.........p....................@.....................................................................f....p..L...............................`....................................................................................text............................... ..`.data....p.......Z..................@....tls.........`.......2..............@....idata.......p.......4..............@..@.edata...............:..............@..@.rsrc................<..............@..@

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Plugins\jbig\license.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1892
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.880192234044488
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:T8ojVAPtTJB4/2pUw80+znbytEH1aPGIpfw2WxXxAcJD:T8ojVAPtTs/asnGA1aPbfyxXWg
                                                                                                                                                                                                                                                                                      MD5:7F4E786EB059A03C54D7EBA4DA5A07A2
                                                                                                                                                                                                                                                                                      SHA1:92F660A17F38376D7FD4F2EA63638EB494D6896F
                                                                                                                                                                                                                                                                                      SHA-256:3ACD2089E334C56E442DA325CDDBE32F7BC35DC765F6983C0174EE1997A05CFD
                                                                                                                                                                                                                                                                                      SHA-512:15EDBDD02C3728B24897B6BE084473672C7F863265977891397BC5532AA5514FFFC49353854F5C017AB8B5CDF0768EB4B966B44D2B0318C82F0C95D4EC278979
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:/*.. * Portable Free JBIG image compression library.. *.. * Markus Kuhn -- http://www.cl.cam.ac.uk/~mgk25/.. *.. * $Id: jbig.c,v 1.22 2004-06-11 15:17:06+01 mgk25 Exp $.. *.. * This module implements a portable standard C encoder and decoder.. * using the JBIG lossless bi-level image compression algorithm as.. * specified in International Standard ISO 11544:1993 or equivalently.. * as specified in ITU-T Recommendation T.82. See the file jbig.doc.. * for usage instructions and application examples... *.. * This program is free software; you can redistribute it and/or modify.. * it under the terms of the GNU General Public License as published by.. * the Free Software Foundation; either version 2 of the License, or.. * (at your option) any later version... *.. * This program is distributed in the hope that it will be useful,.. * but WITHOUT ANY WARRANTY; without even the implied warranty of.. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. * GNU General

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Plugins\plugins.cfg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1884
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6311767214951924
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:rpGYfh5WxavAGhCX1abCnJQl5eeiWHXCENP:rEYpkAQwCJ6iECsP
                                                                                                                                                                                                                                                                                      MD5:05DDCB5E96A261F17C52255CF9785DE7
                                                                                                                                                                                                                                                                                      SHA1:7D631AF3FB55FA375511B858F894D8286A6F8872
                                                                                                                                                                                                                                                                                      SHA-256:A9379EFB3FA29FB66C937DE7C87E539EAEAD57315A5F448EC788E94253E4460F
                                                                                                                                                                                                                                                                                      SHA-512:3A69B8525C96A1063D9FAD04C3C9FAAFDE8BAEBB6E4CBBD11F77C97E49C02A93546AA2C3A1519AD454F0B9F99BC1C9E93DADDF8F613F55AEA44567B736E8FC5A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..[.i.m.a.g.e.m.a.g.i.c.k.].....I.n.t.e.r.n.a.l.N.a.m.e.=.i.m.a.g.e.m.a.g.i.c.k.....F.i.l.e.N.a.m.e.=.P.l.u.g.i.n.s.\.i.m.a.g.e.m.a.g.i.c.k.\.i.m.a.g.e.m.a.g.i.c.k...d.l.l.....P.l.u.g.i.n.N.a.m.e.=.I.m.a.g.e.M.a.g.i.c.k. .P.l.u.g.i.n.....A.c.t.i.v.e.=.1.....D.e.s.c.r.i.p.t.i.o.n.=.I.m.a.g.e.M.a.g.i.c.k. .a.d.d.s. .s.u.p.p.o.r.t.s. .f.o.r. .m.o.r.e. .t.h.a.n. .9.0. .i.m.a.g.e. .f.o.r.m.a.t.s.,. .i.n.c.l.u.d.i.n.g. .P.C.D.,. .D.I.C.O.M.,. .C.U.T.,. .A.V.S.,. .C.I.N.,. .D.O.T.,. .D.P.X.,. .F.I.T.S.,. .F.P.X.,. .H.D.F.,. .M.A.T.,. .M.I.F.F.,. .M.T.V.,. .P.A.L.M.,. .P.C.L.,. .P.I.C.T.,. .P.I.X.,. .P.W.P.,. .R.L.A.,. .S.G.I.,. .S.U.N.,. .S.V.G.,. .T.T.F.,. .V.I.F.F.,. .X.B.M.,. .X.C.F.,. .X.P.M.....E.x.c.l.u.d.e.d.E.x.t.s.=.........[.j.b.i.g.].....I.n.t.e.r.n.a.l.N.a.m.e.=.j.b.i.g.....F.i.l.e.N.a.m.e.=.P.l.u.g.i.n.s.\.j.b.i.g.\.j.b.i.g.l.i.b...d.l.l.....P.l.u.g.i.n.N.a.m.e.=.J.B.I.G. .P.l.u.g.i.n.....A.c.t.i.v.e.=.1.....D.e.s.c.r.i.p.t.i.o.n.=.J.B.I.G.-.K.I.T. .i.m.p.l.e.m.e.n.t.s. .a. .h.i.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Plugins\webp\is-HNP1I.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):507904
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.740497078868688
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:Ceu3l/bkenhOWCAOmDYAS+Gqzk00qMSau9:Ceubrq1mDYAS+GK0qZ
                                                                                                                                                                                                                                                                                      MD5:CDB0E80A3E698ED4AFC87C4DA43172F4
                                                                                                                                                                                                                                                                                      SHA1:2FE7C6231E8169F4E12BAFE6A13AC2DAEA7EBF8A
                                                                                                                                                                                                                                                                                      SHA-256:E3A92C0598CFE3E36782658400D116C67F053116BB7118EF2980E7400518B6BD
                                                                                                                                                                                                                                                                                      SHA-512:9E293C13E0E71E8C65896973C2520D111C9FD334CFF1C388EECF7EB899A20D3D6C724481CCC5ECD9240A8806EA9308198ED639DFAC9A884AC77F3663693014A0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........yYD..7...7...7..~4...7..~2.u.7..~3...7..p2...7..p3...7..p4...7..~6...7...6...7..p3...7.\q>...7.\q7...7.\q....7.\q5...7.Rich..7.................PE..L...E.=a...........!.........................................................0............@.........................p...........(...............................,.......p...............................@...............(............................text...w........................... ..`.rdata..X...........................@..@.data...$0..........................@..._RDATA.. ...........................@..@.rsrc...............................@..@.reloc..,........0..................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\Plugins\webp\webp.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):507904
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.740497078868688
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:Ceu3l/bkenhOWCAOmDYAS+Gqzk00qMSau9:Ceubrq1mDYAS+GK0qZ
                                                                                                                                                                                                                                                                                      MD5:CDB0E80A3E698ED4AFC87C4DA43172F4
                                                                                                                                                                                                                                                                                      SHA1:2FE7C6231E8169F4E12BAFE6A13AC2DAEA7EBF8A
                                                                                                                                                                                                                                                                                      SHA-256:E3A92C0598CFE3E36782658400D116C67F053116BB7118EF2980E7400518B6BD
                                                                                                                                                                                                                                                                                      SHA-512:9E293C13E0E71E8C65896973C2520D111C9FD334CFF1C388EECF7EB899A20D3D6C724481CCC5ECD9240A8806EA9308198ED639DFAC9A884AC77F3663693014A0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........yYD..7...7...7..~4...7..~2.u.7..~3...7..p2...7..p3...7..p4...7..~6...7...6...7..p3...7.\q>...7.\q7...7.\q....7.\q5...7.Rich..7.................PE..L...E.=a...........!.........................................................0............@.........................p...........(...............................,.......p...............................@...............(............................text...w........................... ..`.rdata..X...........................@..@.data...$0..........................@..._RDATA.. ...........................@..@.rsrc...............................@..@.reloc..,........0..................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\ReadMe-En.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (396), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):60961
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.892091789916829
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:DUIM8n47IAq4uTf3E6kJK4CzyydUG5pTcj9pdNthtt:+D3sI5CxOtJ
                                                                                                                                                                                                                                                                                      MD5:EB240EC882EC1E93D39F9B2111B5E954
                                                                                                                                                                                                                                                                                      SHA1:49D0B541AB9E529C2E182E23A011FF7C2EB5E2BE
                                                                                                                                                                                                                                                                                      SHA-256:30D92E3F8DED9603EF130C431B98D24FBEBA19BC0BFF6F57D6BD90F643120C8D
                                                                                                                                                                                                                                                                                      SHA-512:BE08AF79AD43C08E6FCCA31DC338225C2A598D524DA92E069EF585C65C6DC388D32A7BD759C9F1D46FD79CD51E53D4E4F34FE9BB3CF2A9224FBAA9F927567252
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.ImBatch V7.6.2..=======================================================================....How to install:..-----------------------------------------------------------------------....From the installer:...Just follow the install wizard......From the zip:...Just unzip all the files into a directory you want then launch it.......What is ImBatch?..-----------------------------------------------------------------------....ImBatch is the image batch processor for Windows. ImBatch features an excellent user interface that's easy to use and understand. It handles all popular image formats. What makes the tool different from other batch image processors is its "Task Structure". You can combine Tasks to make processing sequence, that will give you exactly what you want. ImBatch offers many imaging functions (Tasks).....ImBatch features:..-----------------------------------------------------------------------.... o "Task Structure".. - Combine Tasks to make different processing sequence.....

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\ReadMe-Ru.txt (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (487), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):113520
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4707705545899
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:OLG1dpIfBJdVHN+QI1y66YnlKyL2xv7hpqumI1j7IkP0yicVBvmvLI1yvPEknPOM:OLYdpSBJdVHN+t1n6YnUxxaumIp7IkPI
                                                                                                                                                                                                                                                                                      MD5:9FFA39BE7859183FDD1AF1E8372159F0
                                                                                                                                                                                                                                                                                      SHA1:D12DC40F178176813BFF57DCE6B64687AD42FB26
                                                                                                                                                                                                                                                                                      SHA-256:C4D5F04DF55AB2090377642D6558EA8E110A2DF9D98FE90322FDB7A0DEB533F5
                                                                                                                                                                                                                                                                                      SHA-512:0846FC5EF58F7C915803F8723602ED1AC8347D47FAEB578951E5B491963E5668EABFA711C059B35A9C924D2E8CD693C953B04FDAE7BE36BC5EA1FDBE8A5BCA54
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.ImBatch v7.6.2..=======================================================================....... ..........:..-----------------------------------------------------------------------............. ............ .........:......... ........ ......... ....... ................ ......:......... .............. ... ..... . ...... . ......... ........... ............ ..... ImBatch?..-----------------------------------------------------------------------....ImBatch - ........ .......... ........... ... Windows. ImBatch ........ ............ ................ ..........., ....... ..... . ............. . .......... .. ............ ... .......... ........... ........ "......... .

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\UserRegisterCMH.cmd (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1112
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.09819393387174
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:Ux6AW5tpSsQj7/IF1YOrFj69rYNxoyNuVghP58P5Z:I93IFO0oC525Z
                                                                                                                                                                                                                                                                                      MD5:85304D721D1A64E7CC9E60CC7FA0E18C
                                                                                                                                                                                                                                                                                      SHA1:A11F63FECE9691E19CE84BA28DB9849BA8CE9A8C
                                                                                                                                                                                                                                                                                      SHA-256:68BBD4C5B8B3674F8F10B397025E28C5D85504346C46A2863B1B1BDD0E50B9C8
                                                                                                                                                                                                                                                                                      SHA-512:5CF3705537BA171A1773FECAED218B872468B2CD40831CBCBDCB001A75E2B4824C10510C02105E8B14C1161073A8A1A26D066486D23BE9A4FE9D4CBEF12ED00A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview::::::::::::::::::::::::::::::::::::::::::..:: Automatically check & get admin rights..:::::::::::::::::::::::::::::::::::::::::..@echo off..CLS ..ECHO...ECHO =============================..ECHO Running Admin shell..ECHO =============================....:checkPrivileges ..NET FILE 1>NUL 2>NUL..if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges ) ....:getPrivileges ..if '%1'=='ELEV' (shift & goto gotPrivileges) ..ECHO. ..ECHO **************************************..ECHO Invoking UAC for Privilege Escalation ..ECHO **************************************....setlocal DisableDelayedExpansion..set "batchPath=%~0"..setlocal EnableDelayedExpansion..ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs" ..ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs" .."%temp%\OEgetPrivileges.vbs" ..exit /B ....:gotPrivileges ..::::::::::::::::::::::::::::..::START..::::::::::::::::::::::::::::..setlocal & pushd ....

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\UserUnRegisterCMH.cmd (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1118
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.104354199950767
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:Ux6AW5tpSsQj7/IF1YOrFj69rYNxoyNuVghPB8PBZ:I93IFO0oCB2BZ
                                                                                                                                                                                                                                                                                      MD5:073F4EC6F6A65644654E232BA8553F8E
                                                                                                                                                                                                                                                                                      SHA1:96D4117E574CA942BD74F11146A38AA8B9F1BC40
                                                                                                                                                                                                                                                                                      SHA-256:5562DB7775786F13219069D1FC0E0EB707E6CD2949CE4F755F83E8DE24C69C1E
                                                                                                                                                                                                                                                                                      SHA-512:24CA8BAC3BFE18E7223C8D907704786AF24031B396CA6E84AA6E61AE12F0D8A091D8AB77B843533588C92329056779D4D33A98FC9D591E640DE3EA5259CC6FA5
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview::::::::::::::::::::::::::::::::::::::::::..:: Automatically check & get admin rights..:::::::::::::::::::::::::::::::::::::::::..@echo off..CLS ..ECHO...ECHO =============================..ECHO Running Admin shell..ECHO =============================....:checkPrivileges ..NET FILE 1>NUL 2>NUL..if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges ) ....:getPrivileges ..if '%1'=='ELEV' (shift & goto gotPrivileges) ..ECHO. ..ECHO **************************************..ECHO Invoking UAC for Privilege Escalation ..ECHO **************************************....setlocal DisableDelayedExpansion..set "batchPath=%~0"..setlocal EnableDelayedExpansion..ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs" ..ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs" .."%temp%\OEgetPrivileges.vbs" ..exit /B ....:gotPrivileges ..::::::::::::::::::::::::::::..::START..::::::::::::::::::::::::::::..setlocal & pushd ....

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\ielib32.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2030952
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.214172450295169
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24576:PZha81jApjgAYdSFHfzF2LR3sNOro/kda/Z/53F9uWTG+Y9RT/3u49:hhaIujg36bFS3mOro8s9G+Y9RTv59
                                                                                                                                                                                                                                                                                      MD5:666AA0E52A59F637F768ABFEFAC4FD4C
                                                                                                                                                                                                                                                                                      SHA1:56F3B31D15BF0A81B9F71EBF0251DA91EF6E7591
                                                                                                                                                                                                                                                                                      SHA-256:6857BE703DE0B799378BC8B1F4DAF94E77486CAE3FBFBE195D7A1C5977E2E2E9
                                                                                                                                                                                                                                                                                      SHA-512:367159E5A5F4EF7208CB096E083791B921DDBE54B13A0CA92E6CFE88BB8CA97C03E09ACC4C57099BE31EEF4A636AD7FA37479713AFC8312253C4C233670C481E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........+b..J...J...J...2..J..U...J.....J......J......K......J...J...J......J..~..J..~...J..~...J......J...J...J..~...J..Rich.J..........................PE..L...../Z...........!.....H...........%.......`................................(..........................................N...S..P.....'.................h.....'.p....................................T..@............`...............................text....G.......H.................. ..`.rdata..L....`.......L..............@..@.data....4...`.......J..............@..._RDATA........'.....................@..@.rsrc.........'.....................@..@.reloc..p.....'.....................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-00VUD.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):491008
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.590671441611103
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:MS89CO35hLb1P39hCWvji0uz0rq1+Jj54eMopDmsDt9X+zLVtoL:M3nJnCWvjibs4c3DjX+Fu
                                                                                                                                                                                                                                                                                      MD5:A4AED5C0A0F48726D0F815127DDEAB6B
                                                                                                                                                                                                                                                                                      SHA1:829C01CBA303B48FF0CF618A28658CAD0C16B4F8
                                                                                                                                                                                                                                                                                      SHA-256:4C654E44F4147D84013F7B5BDCF2DDBDAFDC29FEDB8670881201C39BFE34E93E
                                                                                                                                                                                                                                                                                      SHA-512:C5DC4B83793C00C208962DE022B4209CA692CEA41697A0637DAD1BB4E6471AAD30DBA4AC98FEB5CECCED9C6B79D403B12E696DF1F74C6CD26E389EEECDD2ED6D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......yf.5=..f=..f=..fXa.g3..fXa.g...fXa.g+..foo.g)..foo.g...foo.g"..fXa.g?..f.n.g>..f=..f[..f.n.g1..f.n.g<..f.n.f<..f.n.g<..fRich=..f........................PE..L...b.C^...........!.....|..........-.....................................................@.................................0...<....`.......................p...G......................................@...............p............................text....{.......|.................. ..`.rdata..............................@..@.data...t4... ...&..................@....rsrc........`.......4..............@..@.reloc...G...p...H...6..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-187E4.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):353792
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.450214660480855
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:BI7PD1THviwNO9lAgr4vjFTekpSa41vuWiPNbA62/Wqext6BbsHvPUuieM9erem/:BI7PD1THviwNO9lAgr4vjdekoa41WWiv
                                                                                                                                                                                                                                                                                      MD5:CF81B10D01BEAC2585027BDB62C828F4
                                                                                                                                                                                                                                                                                      SHA1:8E39A60A4D257D8B79C4BAD3DCE3BA9B76834E01
                                                                                                                                                                                                                                                                                      SHA-256:1458F81271DB9A68CB27D8778995E21137055B05EFFFD150FC46129FBDECD007
                                                                                                                                                                                                                                                                                      SHA-512:D9C033B937736D9A464E41826F3CD4D609E0F35ECC3A348C31C89D702A2C6C5DA634E3D31CAAB60ADAA7D213368ABC4237B926F554153A91844BBB4085676FFB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........n............i......i.......i......i......g......g......g......f........8....f......f......f_.....f.....Rich............PE..L....vA_...........!................T.....................................................@.............................`$......<....`..@....................p......p...T...............................@...............h............................text............................... ..`.rdata..............................@..@.data...(@.......6..................@....rsrc...@....`.......0..............@..@.reloc.......p...0...6..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-27TQD.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):145408
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.39771652028681
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:k2TGe4Dr+1r2+ePVlwf94mg39rm+mPb5PSWk/Dmru7P:k+Ge4Dr+1rtetCVI38k/DUu7P
                                                                                                                                                                                                                                                                                      MD5:CBE0307F553A44A21A0A92FCF2392D85
                                                                                                                                                                                                                                                                                      SHA1:3AF7763944A61DD99C6110C7973C6E54AAB7495C
                                                                                                                                                                                                                                                                                      SHA-256:5FDEC741BB4EA7CC57ADA669129F5085E14B3A0015C1C638C6B3EBF03FF2E579
                                                                                                                                                                                                                                                                                      SHA-512:4CE3258362173DF1D85E19D6ABD5586860154370243A28C586E104101669EC4694E42CC3A6062F06E6410D404030B41A95D0231F1D6AE8FB158DC80CC83938A3
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... .p.d...d...d.......o...............w...6...A...6...k...6...u.......a...d...........`.......e.......e.......e...Richd...........................PE..L.....a...........!......................................................................@.........................P...........<....P.......................`..........p...........................`...@...............x............................text...0........................... ..`.rdata..*...........................@..@.data...l....0......................@....rsrc........P......................@..@.reloc.......`....... ..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-3AKKO.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (487), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):113520
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4707705545899
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:OLG1dpIfBJdVHN+QI1y66YnlKyL2xv7hpqumI1j7IkP0yicVBvmvLI1yvPEknPOM:OLYdpSBJdVHN+t1n6YnUxxaumIp7IkPI
                                                                                                                                                                                                                                                                                      MD5:9FFA39BE7859183FDD1AF1E8372159F0
                                                                                                                                                                                                                                                                                      SHA1:D12DC40F178176813BFF57DCE6B64687AD42FB26
                                                                                                                                                                                                                                                                                      SHA-256:C4D5F04DF55AB2090377642D6558EA8E110A2DF9D98FE90322FDB7A0DEB533F5
                                                                                                                                                                                                                                                                                      SHA-512:0846FC5EF58F7C915803F8723602ED1AC8347D47FAEB578951E5B491963E5668EABFA711C059B35A9C924D2E8CD693C953B04FDAE7BE36BC5EA1FDBE8A5BCA54
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.ImBatch v7.6.2..=======================================================================....... ..........:..-----------------------------------------------------------------------............. ............ .........:......... ........ ......... ....... ................ ......:......... .............. ... ..... . ...... . ......... ........... ............ ..... ImBatch?..-----------------------------------------------------------------------....ImBatch - ........ .......... ........... ... Windows. ImBatch ........ ............ ................ ..........., ....... ..... . ............. . .......... .. ............ ... .......... ........... ........ "......... .

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-3GFF4.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3266109
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.442905037245138
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:vdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjg3336/SC:0HDYsqiPRhINnq95FoHVBg3336p
                                                                                                                                                                                                                                                                                      MD5:C86F1E8BD0B4FC0F5E3B7555EDC94135
                                                                                                                                                                                                                                                                                      SHA1:8E5122DFB38D48B72BA0E46C67E12252CA946BBB
                                                                                                                                                                                                                                                                                      SHA-256:D92E731461345CDED4DF6B94C6AECA0E78393273A30C4C34A567E60C39C6009F
                                                                                                                                                                                                                                                                                      SHA-512:BFEE4A6AEB0EB8650CBD14B7FC6782F76DE375D74C0AF11777AB5EF08265E245F5D623364FE9A349175FC26AE7A804ED1962E39117797FF4A7FC35850FCD6ABF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...oGXb.................B,..2......`V,......`,...@..........................`2...........@......@....................-.......-..9......<U....................................................-.......................-.......-......................text.....,.......,................. ..`.itext...(...0,..*....,............. ..`.data........`,......F,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-...... -.............@..@.rsrc...<U.......V..."-.............@..@..............1.......0.............@..@........................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-3GIR2.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):119082
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.882523830594984
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:VOu4CP8XcOSDVkoxcgn4EOhrvAwERQhF6JJ:VOMP8XcVVkG54EGAwsJ
                                                                                                                                                                                                                                                                                      MD5:F92331003C3B2EBD655818DF586BD025
                                                                                                                                                                                                                                                                                      SHA1:55CFF0069092A38698F1734B750C184491A6ED1D
                                                                                                                                                                                                                                                                                      SHA-256:D55795384E4F9901519F15457B53DA087EDD385E6CD004D3F8DA90BCAE1D6E60
                                                                                                                                                                                                                                                                                      SHA-512:CA8B6B6B096616B82D51281E70BEB60BB62A892159F71118860249747D87A4754C1C38CC4D657BDAC6F87DEE405D1DF736531A01164E85C8C2D4DB9FD8E77E7C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:RIFF"...WAVEfmt ........D....X........data........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................%...3...'...............8...;...(...........8...T...K...-.......&...]...|.~.d...0.......W.y...>...L.z...3...C.......1...4.......i.}.......*.....r(i./.?.-..V"R.(.6(....V...e#."....1..!...<...)...C.-...Y.F.p.>..;.

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-4IE2K.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):737792
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.801875998435243
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:wD3iRr13XeNTLQlRiZkVSUvyThSkWPc6X:wbiTGQHiZkVSUp0
                                                                                                                                                                                                                                                                                      MD5:523A9F8FB14845DACE902B1FDBF0CCB8
                                                                                                                                                                                                                                                                                      SHA1:7594B43F60921B3AF6938F1FACB202F5AA8D0075
                                                                                                                                                                                                                                                                                      SHA-256:C18CDF7A7B0055F3FCB43040A92022534D231E25DF601B490AB713F5D0EA0F48
                                                                                                                                                                                                                                                                                      SHA-512:DB3011C1BC4244E1D1F6C2878A15ADCA3CFE00A369EF96D2E5E6B6FC39332CAC40B7A0D80C004BE8646A000F5EC43C972D10989E3F97E5A354277816FB20B655
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......... ...NT..NT..NT.;.T..NT.;.T<.NT.;.T..NT...T..NT..OT.NT..KU..NT..JU..NT..MU..NT..NT..NT..JU..NT..NU..NT..T..NT..LU..NTRich..NT........PE..L...q.z\...........!.........F.............. ............................................@.........................`...........(....P.......................`..t,......................................@............ ...............................text............................... ..`.rdata..F.... ......................@..@.data........0......................@....rsrc........P......................@..@.reloc..t,...`......................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-7C04I.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):175104
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.710085266649328
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:N9r9mNTCwJt19ygGKMgWI7WH4KqS7GgSSh2w7KuGjPXPj+VnXTBfbiEgYRv9/RQj:VmZeE366g/rKN3jwXTBDiEl5Q+I
                                                                                                                                                                                                                                                                                      MD5:FCB71682525261D9CF9B5B1C37C2841C
                                                                                                                                                                                                                                                                                      SHA1:64C638F01F4CEACCFABCC0AAE35954E64861C521
                                                                                                                                                                                                                                                                                      SHA-256:C428C6A1B5E2E6B4222050B91537EFD2CFA029622489BC161B22DC45E7703AFE
                                                                                                                                                                                                                                                                                      SHA-512:AEB0FED09750A03A35D882782DEBC2ADA8D911F2AAD483F1521A7C34187935F048F7A864B092981A2AFCF6D900004FCF62D457DB73065315B395F85080D6F88A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J\...=@..=@..=@.k[C..=@.k[E.=@.k[D..=@.....=@.\UE..=@.\UD..=@.\UC..=@.k[A..=@..=A._=@.TD..=@.T@..=@.T...=@.TB..=@.Rich.=@.................PE..L....m.]...........!......................................................................@.........................p...H.......(.......0............................{..T............................{..@............................................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-7HQ59.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):392704
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.632224443003832
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:kbxpXgR5Qgp8jiWE1gNdyewmIExgnmkXBOyZzrMn+7m2Uas7hAOlV+5akFl:kbnwRW8miWE1g9w7ExCm6rzrxvs7haag
                                                                                                                                                                                                                                                                                      MD5:70AB1788BC402CC6ECA8235F5E612023
                                                                                                                                                                                                                                                                                      SHA1:5EA34CEF8CD69F31161B577B5126C96FCFB3C153
                                                                                                                                                                                                                                                                                      SHA-256:D58798F3B423E38B352E0A92A266B399A3BB5A9A141A73699223BB5D04B55924
                                                                                                                                                                                                                                                                                      SHA-512:D0E1F7F5895CE2BDD2ED667CD26421E5DBFDFC369938CE3A9B1B9A85988D3DEBCDB1D089087DCA973D9346463669BD82BBA4326A3A4B6C651824DE7343CA3451
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........\..Y\..Y\..Y9..XQ..Y9..X..Y9..XJ..Y...XI..Y...Xk..Y...XC..Y9..XS..Y\..Y ..Y...XX..Y...X]..Y...Y]..Y\.sY]..Y...X]..YRich\..Y........PE..L......a...........!.....`...................p...............................0............@.........................p.......,...........H.......................H8...Y..p...........................PZ..@............p...............................text....^.......`.................. ..`.rdata..F=...p...>...d..............@..@.data....'..........................@....rsrc...H...........................@..@.reloc..H8.......:..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-8GFDD.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):9384872
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.642385961820031
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:196608:3yXKUrGGwAjLP4YetRHd3WhKUza/BtONOLSkQdBPXjfDlR8:3yXIGnetRHhWhKUza/BtONOLiXj7lC
                                                                                                                                                                                                                                                                                      MD5:FEBCD08DA15BB85D2BB99153FACD1E23
                                                                                                                                                                                                                                                                                      SHA1:CA4CF3D9919C1BEDDA551FC0274AB9C6336C5421
                                                                                                                                                                                                                                                                                      SHA-256:EDC45B2344BBCF2295CD36B670E60B4AB98B427CCCAD7875218057C2D519126C
                                                                                                                                                                                                                                                                                      SHA-512:DFC280607A3842014245B51D296FFBC5D657748559A22E9419CD0FD4BD3E2F7D8536A76AA35932277989DE1D8DDCD2A591A4060D9DE25D814CFC88E0F9A10DCE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\ImBatch\is-8GFDD.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....T|e.................dm...!.....T|m.......m...@................................iQ...........@................... ...........T.......R...............%...P...#...........................@.......................................................text...\3m......4m................. ..`.itext.../...Pm..0...8m............. ..`.data.........m......hm.............@....bss....LX...Pw..........................idata...T.......V...4w.............@....didata...............w.............@....edata....... ........w.............@..@.tls.........0...........................rdata.......@........w.............@..@.reloc...#...P...$....w.............@..B.rsrc....R.......R....~.............@..@...................................@..@................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-99KO6.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):440832
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.793440946847915
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:sLFPWnh5J8Hr5GS+P84JkfDpBnlqCaY8pHint5CWExW8SM:sLFuuL5GS+PDCMm8+8S
                                                                                                                                                                                                                                                                                      MD5:C7EE1E0B7EEBD1DA4B591CD78A7522D9
                                                                                                                                                                                                                                                                                      SHA1:E0DA8EBBB50E82C4D55321010F284B7E50D8A936
                                                                                                                                                                                                                                                                                      SHA-256:75A52C8C8C8F771693CD54C619EEBF23296F382D6BC59A5D7A166C8D40AD5707
                                                                                                                                                                                                                                                                                      SHA-512:EDEDD75A76161B14E8CF53E619B18B04C6AF0B24F23260B53F86E9F57F8BF7A602B361EA098E6282CFE550C54BF6BD40DFA70F71EEF0D83D3E704A2670A5FCEF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]K...*a..*a..*a.|Lb..*a.|Ld.*a.|Le..*a.KBd..*a.KBe..*a.KBb..*a.Ce.R*a.|L`..*a..*`.C*a.Ch..*a.Ca..*a.C...*a.Cc..*a.Rich.*a.........................PE..L....._`...........!......................................................... ............@.........................p.......0...(................................*......p...............................@...............(............................text............................... ..`.rdata..............................@..@.data....-..........................@..._RDATA.. ...........................@..@.rsrc...............................@..@.reloc...*.......,..................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-9K996.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):307200
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.6322254973907935
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:tYWJbKXKFnkAXLUhywxsvVlFM6qj/aeviVIINZjJX437EL7+:mWJbK6FnkiwxstlS6qj/aevMN3G
                                                                                                                                                                                                                                                                                      MD5:4D677269861F4EEBD5DFBB2B658CADCC
                                                                                                                                                                                                                                                                                      SHA1:A15F7BFFFD25FE52FE309582270404C55016EBC1
                                                                                                                                                                                                                                                                                      SHA-256:09C3C1CAC724ED557B7ADC2DFB7DC8F51F98A134715A1E2189640BC7B89DF495
                                                                                                                                                                                                                                                                                      SHA-512:05C036653959E3591FA22893BE5EE92C809057AB0D9252739960CF2501568A5554D6E683EEEA8FC7AC52C434EE906772F21087F5DDAD350C17BF76054FB20C5B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........?..P^v.P^v.P^v.58u.\^v.58s..^v.58r.B^v..6r._^v..6u.B^v..6s.y^v.58w.S^v.P^w.;^v..7..u^v..7u.S^v..7v.Q^v..7..Q^v.P^..Q^v..7t.Q^v.RichP^v.........................PE..L.....]...........!.....0...................@...........................................................................?..<I..(...............................P;......p........................... ...@............@..|............................text..../.......0.................. ..`.rdata.......@.......4..............@..@.data...lH...`...(...F..............@....rsrc................n..............@..@.reloc..P;.......<...t..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-9LNGL.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (396), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):60961
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.892091789916829
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:DUIM8n47IAq4uTf3E6kJK4CzyydUG5pTcj9pdNthtt:+D3sI5CxOtJ
                                                                                                                                                                                                                                                                                      MD5:EB240EC882EC1E93D39F9B2111B5E954
                                                                                                                                                                                                                                                                                      SHA1:49D0B541AB9E529C2E182E23A011FF7C2EB5E2BE
                                                                                                                                                                                                                                                                                      SHA-256:30D92E3F8DED9603EF130C431B98D24FBEBA19BC0BFF6F57D6BD90F643120C8D
                                                                                                                                                                                                                                                                                      SHA-512:BE08AF79AD43C08E6FCCA31DC338225C2A598D524DA92E069EF585C65C6DC388D32A7BD759C9F1D46FD79CD51E53D4E4F34FE9BB3CF2A9224FBAA9F927567252
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.ImBatch V7.6.2..=======================================================================....How to install:..-----------------------------------------------------------------------....From the installer:...Just follow the install wizard......From the zip:...Just unzip all the files into a directory you want then launch it.......What is ImBatch?..-----------------------------------------------------------------------....ImBatch is the image batch processor for Windows. ImBatch features an excellent user interface that's easy to use and understand. It handles all popular image formats. What makes the tool different from other batch image processors is its "Task Structure". You can combine Tasks to make processing sequence, that will give you exactly what you want. ImBatch offers many imaging functions (Tasks).....ImBatch features:..-----------------------------------------------------------------------.... o "Task Structure".. - Combine Tasks to make different processing sequence.....

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-AVM6R.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):7767944
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.990778340896316
                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                      SSDEEP:98304:qB4FP84wIh7nlSMuBevGyBkkdzSiYzmH1Ub0+iolqKibI90VOePwsRiNKNERP1eD:44h8qeQVrYaHipJysePMN8wPIrqPPWnB
                                                                                                                                                                                                                                                                                      MD5:A2E5679917DE0C043AED253E90F1E6A0
                                                                                                                                                                                                                                                                                      SHA1:28CCE9C6E8BD009310EFB28C8B3F9BAE05E98921
                                                                                                                                                                                                                                                                                      SHA-256:EC17DEFD7CF1EE21C50EC267FAFC7A991F54C2DFE2CEC0C4DE5001E6A251FC80
                                                                                                                                                                                                                                                                                      SHA-512:CB3812E74B4E3930676B83A55C8FE3151F794CE9EE5B0D30AEE652515158A22061190865D402B652CB6E1DB94DB0A0D2A0EBB07274D8184710B0FD8474522F3E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ.OO.`........^.~.$.....@....a...@..d80k..&+_..+.&e.L..GVy.....Q..............................................................................................................................................................................................PE..L...D^.f.........."......T........................@..................................:w..........@...........................0..`....@...&...........av..%...p...............................p.............................................................................................`........>...........................@............@.............................`.............0......................@....rsrc....&...@....&.................@..@.............p........&.............@...................1v....&.............@......................................................................................................................................................................................................*%..J=..r.Z..[b_..4C

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-C4JUH.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):222208
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.5923760439050625
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:r+mkvfDVAPw5jhjhyjQkD3kBD8l40N4tiofir9byfaMGj0N2ptmuAg0FuDos4L3W:r+mEbRxNqbD328/40nb2v0AO4aMb4
                                                                                                                                                                                                                                                                                      MD5:70C88CFEFA99A53B0BD3CCE9515CA444
                                                                                                                                                                                                                                                                                      SHA1:FE6D8F770F8830FDE35260421BE967BCA191279F
                                                                                                                                                                                                                                                                                      SHA-256:7A8BC97F9CE339B85C4104CA51144AA6883525C8E2BFDCA00A8A4380E810EE75
                                                                                                                                                                                                                                                                                      SHA-512:7C9C4AD1C308895E0CB68DCBE48BB24EE2D3BF35ED5D09D43AB457079F9ED5056DBF2A5790A84BA5800329F9CA884BD7E919203934BC57EA6F40B49DDEFB93C7
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4.U p.;sp.;sp.;s..8rd.;s..>r.;s..?rh.;s".8rc.;s".>rD.;s".?ro.;s..:rs.;s..:rr.;sp.:s'.;s..2ry.;s..;rq.;s...sq.;s..9rq.;sRichp.;s........PE..L....2.^...........!.........r......~........0............................................@.........................05.......6..<................................"......p...........................P...@............0..(............................text............................... ..`.rdata..V....0....... ..............@..@.data....=...@......................@....rsrc................>..............@..@.reloc...".......$...@..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-FBACC.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):239104
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.641416665834774
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:2HlhpMl5NGkA0e0IlKeA0qcAONT7ug+Y:2HlPMjA0e9UUPTCg+Y
                                                                                                                                                                                                                                                                                      MD5:EBB0A33FDC732FF1F211F9F467AAFC03
                                                                                                                                                                                                                                                                                      SHA1:676B33F33ED6BB5A076451BD31B0E81936CCC3C4
                                                                                                                                                                                                                                                                                      SHA-256:20E19844E80ACBD0EDF18D9F62E5E1B1D4DCD0DC4179CD8DA6A32B85B8AFE807
                                                                                                                                                                                                                                                                                      SHA-512:EC5E37EC820B3B7A638D2FD65EBC4E0208BFA92933B5359A0FCF998E023E0C64F778B9E649224760CFB91035C09C4BC39A144C1A7592B560D95F05681DA6FC10
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........p.g.#.g.#.g.#..##.g.#..!#0g.#.. #.g.#...".g.#...".g.#...".g.#+..".g.#..A#.g.#.g.#.g.#+..".g.#+..".g.#+.-#.g.#+..".g.#Rich.g.#........................PE..L....]...........!.....\...t......l........p............................................@..........................v......px..<................................#...V..p........................... W..@............p..(............................text....[.......\.................. ..`.rdata.......p.......`..............@..@.data...|<...........p..............@....rsrc...............................@..@.reloc...#.......$..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-FNB5F.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2030952
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.214172450295169
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24576:PZha81jApjgAYdSFHfzF2LR3sNOro/kda/Z/53F9uWTG+Y9RT/3u49:hhaIujg36bFS3mOro8s9G+Y9RTv59
                                                                                                                                                                                                                                                                                      MD5:666AA0E52A59F637F768ABFEFAC4FD4C
                                                                                                                                                                                                                                                                                      SHA1:56F3B31D15BF0A81B9F71EBF0251DA91EF6E7591
                                                                                                                                                                                                                                                                                      SHA-256:6857BE703DE0B799378BC8B1F4DAF94E77486CAE3FBFBE195D7A1C5977E2E2E9
                                                                                                                                                                                                                                                                                      SHA-512:367159E5A5F4EF7208CB096E083791B921DDBE54B13A0CA92E6CFE88BB8CA97C03E09ACC4C57099BE31EEF4A636AD7FA37479713AFC8312253C4C233670C481E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........+b..J...J...J...2..J..U...J.....J......J......K......J...J...J......J..~..J..~...J..~...J......J...J...J..~...J..Rich.J..........................PE..L...../Z...........!.....H...........%.......`................................(..........................................N...S..P.....'.................h.....'.p....................................T..@............`...............................text....G.......H.................. ..`.rdata..L....`.......L..............@..@.data....4...`.......J..............@..._RDATA........'.....................@..@.rsrc.........'.....................@..@.reloc..p.....'.....................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-GR2NP.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):10704296
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.078832724749552
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:196608:pn+8JMxFKbXyTrWhKUzSROd5c7D5msdfRahwIn:pn+8JMmbXyTrWhKUzSROd5c7nvbC
                                                                                                                                                                                                                                                                                      MD5:2E8E0CA4CDC0F283A18BB20679FFF5AF
                                                                                                                                                                                                                                                                                      SHA1:BD38B107D81A8143CD68727FC9C724E955DCB3B1
                                                                                                                                                                                                                                                                                      SHA-256:861892F2632AEF5E64932335FE1F1B935557701ED8CDC7DE9AF858DAE9819FF2
                                                                                                                                                                                                                                                                                      SHA-512:74795B2DBD573B35B730D62EE33A65166256FC28D5FB15C97AEFF52FC1D80801F67B7A5FC5D2D366F8B1BA71F23E802AEBBDAA88D499D982797F692F558E4B82
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\ImBatch\is-GR2NP.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....T|e..................i...:......%i......0i...@..............................................@..........................`...T.......<)..........0...%...........................................................o...............................text.....h.......h................. ..`.itext...(....i..*....h............. ..`.data........0i.......i.............@....bss.....V....s..........................idata...T...`...V....r.............@....didata..............2s.............@....edata..............<s.............@..@.tls.....................................rdata...............>s.............@..@.reloc...............@s.............@..B.rsrc....<)......<)...y.............@..@.............@.......p..............@..@................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-J21TG.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1352704
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.789124909994034
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24576:L/W+KpPA221wFyYrshDGAkzATRMZjuyQbrpeVfwdokaErMRtPairFjUo:uL21wdCYVYaErWtPdrFAo
                                                                                                                                                                                                                                                                                      MD5:A3EE4938007ED34CF4BE7E873962BF78
                                                                                                                                                                                                                                                                                      SHA1:8008865EA5D5D83CDD40A9AE3CCF8D364812EC17
                                                                                                                                                                                                                                                                                      SHA-256:D78A115E4A443ABBAC70C5DA66D1BDD16C48619E897609A76D1AF62261441BED
                                                                                                                                                                                                                                                                                      SHA-512:D8F402E47B906CEC147FD82086236FCC12091968ECF6071FFBEA833EADF8FB554960D12E273B463DDE4F49A32C45BC401244D9164426ECC986361039CD4FDC69
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;..8..;..>.c.;..?..;..>..;..?..;..8..;..:..;..:.T.;..;..;.C.?..;.C.;..;.C....;.C.9..;.Rich.;.........PE..L...vvA_...........!..... ..........5m.......0............................................@.........................0..........x....@..@....................P..........T...............................@............0...............................text............ .................. ..`.rdata...h...0...j...$..............@..@.data............f..................@....rsrc...@....@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-LD7EM.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):792064
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.692195348234998
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24576:V8lgUjU76+BoC5i8HcOM5q8heWo8F7MRy+mi33ibzdjR:iZDYcpqaGeC3SbBjR
                                                                                                                                                                                                                                                                                      MD5:ABEAAC0D8ABDF9C4839719E5E8FBFB6B
                                                                                                                                                                                                                                                                                      SHA1:01851DB649F56380577C9A9CBF707F2E8BAB608B
                                                                                                                                                                                                                                                                                      SHA-256:31FF5874369F02F1999A72DC214079074415944BF16CF552872FDBFFFA36D190
                                                                                                                                                                                                                                                                                      SHA-512:C86E2B8C76014F2AD65820CB1652F5B8AEB74C46178A8A884004AC4F9A91F25D7E981A041C8E9F6B4EADEB64399D904125790CC5BC3C538F27D837A859A6ACD5
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............w...w...w......w.....Zw......w......w...w..ww......w.....w......w..o....w..o....w..o....w..Rich.w..........................PE..L... .A^...........!......................................................................@..........................t.........(............................0...d......................................@............................................text............................... ..`.rdata..v...........................@..@.data...`........4...|..............@....reloc...d...0...f..................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-LH3K9.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1118
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.104354199950767
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:Ux6AW5tpSsQj7/IF1YOrFj69rYNxoyNuVghPB8PBZ:I93IFO0oCB2BZ
                                                                                                                                                                                                                                                                                      MD5:073F4EC6F6A65644654E232BA8553F8E
                                                                                                                                                                                                                                                                                      SHA1:96D4117E574CA942BD74F11146A38AA8B9F1BC40
                                                                                                                                                                                                                                                                                      SHA-256:5562DB7775786F13219069D1FC0E0EB707E6CD2949CE4F755F83E8DE24C69C1E
                                                                                                                                                                                                                                                                                      SHA-512:24CA8BAC3BFE18E7223C8D907704786AF24031B396CA6E84AA6E61AE12F0D8A091D8AB77B843533588C92329056779D4D33A98FC9D591E640DE3EA5259CC6FA5
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview::::::::::::::::::::::::::::::::::::::::::..:: Automatically check & get admin rights..:::::::::::::::::::::::::::::::::::::::::..@echo off..CLS ..ECHO...ECHO =============================..ECHO Running Admin shell..ECHO =============================....:checkPrivileges ..NET FILE 1>NUL 2>NUL..if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges ) ....:getPrivileges ..if '%1'=='ELEV' (shift & goto gotPrivileges) ..ECHO. ..ECHO **************************************..ECHO Invoking UAC for Privilege Escalation ..ECHO **************************************....setlocal DisableDelayedExpansion..set "batchPath=%~0"..setlocal EnableDelayedExpansion..ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs" ..ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs" .."%temp%\OEgetPrivileges.vbs" ..exit /B ....:gotPrivileges ..::::::::::::::::::::::::::::..::START..::::::::::::::::::::::::::::..setlocal & pushd ....

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-LHMKI.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):512512
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.132256533873661
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:0s2rxgixvPs3c9uVutc8Zex6M49V46SvK1YEG1IWB0UcWXteHKC2y2IQH12y7P22:o83cbTXG1v0P2MwWmK+7wEwmf5V
                                                                                                                                                                                                                                                                                      MD5:E80B1F3DF3D25F1F288DD5A6CAE279D5
                                                                                                                                                                                                                                                                                      SHA1:594F575FCBCFFE81DE9CD820418ADF1F577C2CD2
                                                                                                                                                                                                                                                                                      SHA-256:CB6A5059A35E511A673DD5F5EBEDE54A5CA0369A87D2C247D95410DA8ADF647B
                                                                                                                                                                                                                                                                                      SHA-512:F793335BF6A88834E0306417EBB9E405B5971E36650ADD6947D06A462A0C468EC78AF3EFB7901D66C0CBB80D4E63427122AAC5A5A8AC0E3DDCD07DE3F98471D0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Y.h.Y.h.Y.h.<.k.R.h.<.m...h...i.[.h...l.V.h...k.L.h...m.~.h.<.l.@.h.<.i.\.h.Y.i...h...m.M.h...h.X.h.....X.h...j.X.h.RichY.h.........................PE..L.....U`...........!................=T....... ............................................@.....................................<...............................8%......T...............................@............ ...............................text............................... ..`.rdata...z... ...|..................@..@.data...h$..........................@....rsrc...............................@..@.reloc..8%.......&..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-LKQB2.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3032984
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.5342725772805785
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:Et4ySr8QSdulASXLsA0L9pjtpWn8bbgHPEaTfTTrWhvGcv:EWlHsA0L9pxp9bgHF6Gcv
                                                                                                                                                                                                                                                                                      MD5:A4FF9BB4BA82C1DA7A57732C176C0EDA
                                                                                                                                                                                                                                                                                      SHA1:AE2A1ECE1EAE3C5805FF469C57F3AAB3CB26E797
                                                                                                                                                                                                                                                                                      SHA-256:AC0EF68CB05678CF007A3E607495330A975494232ED0B509533664EE9C593702
                                                                                                                                                                                                                                                                                      SHA-512:6F95432A892B1D9134DA69B622E63DEDA7AED3780694FA0AE4C10DEF4898B9592B7EA22F7E52AA471033141DCAC155218A0ECEF12BD3AEA429783B738A94DFD2
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....j.S..................'..|........'.......'...@...........................2......./.................................B.... ..<}...P1.........................(....................................................3..H.......&....................text.....'.......'................. ..`.itext........'.......'............. ..`.data.........'.......'.............@....bss.....`....).......)..................idata..<}... ...~....).............@....didata.&.............*.............@....edata..B.............*.............@..@.reloc..(.............*.............@..B.rsrc........P1.......,.............@..@..............2.....................@..@................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-NOB8F.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1412
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.804308173476608
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:9FjqCTe9G6+QbqNgl+3mMIRW0QgbEL8JhQelqEFVL5IFqKDm2xXljDzcv:/eQ6vrl+WJoTH4J2e9bLGq8m2x16
                                                                                                                                                                                                                                                                                      MD5:45E2BE1D7642CAE2B13F8A9F076F75C0
                                                                                                                                                                                                                                                                                      SHA1:FB0EC0663C53EF439A437FBF4B64B0E603632231
                                                                                                                                                                                                                                                                                      SHA-256:F6538020DF9EA8F67B72F3C4FC8374EE585223628F10B0725A35E5B12C4CD462
                                                                                                                                                                                                                                                                                      SHA-512:3D7A9C9D7F607A1DBA7188F42A791A9018625D5CF9DDDEC5CDBD3812E108A4CA1F176E581C87B4DE6BE1E2D499022850D70F0783D5189CD677AE9B36FED47DE9
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:ImBatch License Agreement..==================..IF YOU DOWNLOAD OR USE THIS PROGRAM YOU AGREE TO THESE TERMS.....License Agreement and Warranty Disclaimer....You should carefully read the following terms and conditions before using this software. Use of this software indicates your acceptance of these terms and conditions. If you do not agree with them, do not use the software.....Disclaimer of Warranty..---------------------------....ImBatch (this software) is provided "as-is" and without warranty of any kind, express, implied or otherwise, including without limitation, any warranty of merchantability or fitness for a particular purpose. ....In no event shall the author of this software be held liable for data loss, damages, loss of profits or any other kind of loss while using or misusing this software.....License..---------------------------....ImBatch is free for personal and educational (including non-profit organization) use. In these cases, you are granted the right to use and to

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-OHCKU.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):5436928
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.855818705227545
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:QfWMClHXPJ8iChLQxgl1F+JdJdF+FqkMzRdvt52d0xwS8zX1bE1xWLiAUOrNurXm:QOP/Qiglulm3MzRdvtwdyKLiAUqJ
                                                                                                                                                                                                                                                                                      MD5:160FEA7D69354868B1101AE8B536EF18
                                                                                                                                                                                                                                                                                      SHA1:8AD8F072B2148CA03495A977D4783DA7B6F10E5D
                                                                                                                                                                                                                                                                                      SHA-256:1C0B99ECA227B6DE93EC49C8F92BF8FEF680184C198CDD755199D55A44586355
                                                                                                                                                                                                                                                                                      SHA-512:CEB115FB59F112AFA57B0213E8B0E92C70E8FA2C89EF4E33BBFCDB7B72942245D23E81CE220684595ECCDE204E3EE7A69FD14B29B188644D5FAF32EDBDFDB543
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......7.$5s.Jfs.Jfs.Jf..IgA.Jf..Og.Jf..Ngm.Jf.:.fw.Jf!.Igm.Jf!.Og..Jf!.NgQ.Jf..Ng..Jf..Igr.Jf..Og.Jf..Kgp.Jfs.Kf.Jf..Cgg.Jf..Jgr.Jf..fr.Jf..Hgr.JfRichs.Jf........PE..L.....Ia...........!......8..F$.....7.&.......9...............................]...........@.........................P.N......N.(.....Z.......................[.....`#J.p...................p$J......#J.@.............9.,............................text...u.8.......8................. ..`.rdata..x.....9.......8.............@..@.data...l*....N......~N.............@..._RDATA........Z......^P.............@..@.rsrc.........Z......rP.............@..@.reloc........[......tP.............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-Q6F2H.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):522240
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.297581878840908
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:9B5l4ob1hAXMF5Zm1m4fJIBRqS6+8khJRRz08EMuo:9BD4oM8zZQmqJh
                                                                                                                                                                                                                                                                                      MD5:1E4B82CBD98766F79CE4B7839FC2DB6B
                                                                                                                                                                                                                                                                                      SHA1:FCAE6A9F8E3E152F29E9FAF8BA78F03E746E11C8
                                                                                                                                                                                                                                                                                      SHA-256:74571CBC448309BDA9015D842FD292BD73D8D8CA17ED365EEB6629F019FEF9A9
                                                                                                                                                                                                                                                                                      SHA-512:ED43788800FFC51C354AA94946D1B356D5B7C5DC437511904EF33DBBE9541DDA9BE6CC830C0E467CC129D120958F9EE3731CC28A1F10E44F8D677E52A12A9E9A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J6..+X..+X..+X.M[..+X.M\..+X.M].e+X.C[..+X.C]..+X.C\..+X.MY..+X..+Y.U+X.qBQ..+X.qBX..+X.qB...+X..+...+X.qBZ..+X.Rich.+X.........................PE..d......a.........." .....p..........(........................................@............`..........................................}.......}..........H.......`<........... ..........p...........................P................................................text....o.......p.................. ..`.rdata..^............t..............@..@.data....7....... ..................@....pdata..`<.......>..................@..@.rsrc...H...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-RHGSN.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1112
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.09819393387174
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:Ux6AW5tpSsQj7/IF1YOrFj69rYNxoyNuVghP58P5Z:I93IFO0oC525Z
                                                                                                                                                                                                                                                                                      MD5:85304D721D1A64E7CC9E60CC7FA0E18C
                                                                                                                                                                                                                                                                                      SHA1:A11F63FECE9691E19CE84BA28DB9849BA8CE9A8C
                                                                                                                                                                                                                                                                                      SHA-256:68BBD4C5B8B3674F8F10B397025E28C5D85504346C46A2863B1B1BDD0E50B9C8
                                                                                                                                                                                                                                                                                      SHA-512:5CF3705537BA171A1773FECAED218B872468B2CD40831CBCBDCB001A75E2B4824C10510C02105E8B14C1161073A8A1A26D066486D23BE9A4FE9D4CBEF12ED00A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview::::::::::::::::::::::::::::::::::::::::::..:: Automatically check & get admin rights..:::::::::::::::::::::::::::::::::::::::::..@echo off..CLS ..ECHO...ECHO =============================..ECHO Running Admin shell..ECHO =============================....:checkPrivileges ..NET FILE 1>NUL 2>NUL..if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges ) ....:getPrivileges ..if '%1'=='ELEV' (shift & goto gotPrivileges) ..ECHO. ..ECHO **************************************..ECHO Invoking UAC for Privilege Escalation ..ECHO **************************************....setlocal DisableDelayedExpansion..set "batchPath=%~0"..setlocal EnableDelayedExpansion..ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs" ..ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs" .."%temp%\OEgetPrivileges.vbs" ..exit /B ....:gotPrivileges ..::::::::::::::::::::::::::::..::START..::::::::::::::::::::::::::::..setlocal & pushd ....

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\is-UGCE9.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):745984
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.58419506541404
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:hvQoE1FDvl2eyb2lSwrnbqp6ChvaCd8I1Scf1VX5/yvNMTqCfuM12LgAN4/fdXB:7YvJlSwfW9aWAcft/MNMTf2Mwcj/1
                                                                                                                                                                                                                                                                                      MD5:119A4963DD4BEAE7DBF4CF973F3D5ACA
                                                                                                                                                                                                                                                                                      SHA1:C48B55BDDDE9C90CE41A3FF3A1AD7CADAF01701D
                                                                                                                                                                                                                                                                                      SHA-256:ECD68FCB3131FDCC944F13C715BDF8DCDDBFFDF21C32C615A97B4EE8145D9BD3
                                                                                                                                                                                                                                                                                      SHA-512:22161D38BEE86B8BC3F16FBB096893F0F11342A1312D3DFD970E6E18950AB9A0C84B021E2337D21737F98004C941A41621DB3B804866D677ECA9DF13023BF4BA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........:.H.T.H.T.H.T.S7..k.T.S7.Q.T.S7..5.T.A..K.T.H.U...T.S7..o.T.S7.I.T.S7.I.T.S7.I.T.RichH.T.................PE..L.....rN...........!................................................................$.....@.........................Po.......h..(................................9...................................c..@...............(............................text............................... ..`.rdata..!...........................@..@.data...X............p..............@....rsrc...............................@..@.reloc...@.......B... ..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\jpeg62.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):737792
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.801875998435243
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:wD3iRr13XeNTLQlRiZkVSUvyThSkWPc6X:wbiTGQHiZkVSUp0
                                                                                                                                                                                                                                                                                      MD5:523A9F8FB14845DACE902B1FDBF0CCB8
                                                                                                                                                                                                                                                                                      SHA1:7594B43F60921B3AF6938F1FACB202F5AA8D0075
                                                                                                                                                                                                                                                                                      SHA-256:C18CDF7A7B0055F3FCB43040A92022534D231E25DF601B490AB713F5D0EA0F48
                                                                                                                                                                                                                                                                                      SHA-512:DB3011C1BC4244E1D1F6C2878A15ADCA3CFE00A369EF96D2E5E6B6FC39332CAC40B7A0D80C004BE8646A000F5EC43C972D10989E3F97E5A354277816FB20B655
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......... ...NT..NT..NT.;.T..NT.;.T<.NT.;.T..NT...T..NT..OT.NT..KU..NT..JU..NT..MU..NT..NT..NT..JU..NT..NU..NT..T..NT..LU..NTRich..NT........PE..L...q.z\...........!.........F.............. ............................................@.........................`...........(....P.......................`..t,......................................@............ ...............................text............................... ..`.rdata..F.... ......................@..@.data........0......................@....rsrc........P......................@..@.reloc..t,...`......................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\libde265.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):792064
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.692195348234998
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24576:V8lgUjU76+BoC5i8HcOM5q8heWo8F7MRy+mi33ibzdjR:iZDYcpqaGeC3SbBjR
                                                                                                                                                                                                                                                                                      MD5:ABEAAC0D8ABDF9C4839719E5E8FBFB6B
                                                                                                                                                                                                                                                                                      SHA1:01851DB649F56380577C9A9CBF707F2E8BAB608B
                                                                                                                                                                                                                                                                                      SHA-256:31FF5874369F02F1999A72DC214079074415944BF16CF552872FDBFFFA36D190
                                                                                                                                                                                                                                                                                      SHA-512:C86E2B8C76014F2AD65820CB1652F5B8AEB74C46178A8A884004AC4F9A91F25D7E981A041C8E9F6B4EADEB64399D904125790CC5BC3C538F27D837A859A6ACD5
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............w...w...w......w.....Zw......w......w...w..ww......w.....w......w..o....w..o....w..o....w..Rich.w..........................PE..L... .A^...........!......................................................................@..........................t.........(............................0...d......................................@............................................text............................... ..`.rdata..v...........................@..@.data...`........4...|..............@....reloc...d...0...f..................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\libeay32.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1352704
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.789124909994034
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24576:L/W+KpPA221wFyYrshDGAkzATRMZjuyQbrpeVfwdokaErMRtPairFjUo:uL21wdCYVYaErWtPdrFAo
                                                                                                                                                                                                                                                                                      MD5:A3EE4938007ED34CF4BE7E873962BF78
                                                                                                                                                                                                                                                                                      SHA1:8008865EA5D5D83CDD40A9AE3CCF8D364812EC17
                                                                                                                                                                                                                                                                                      SHA-256:D78A115E4A443ABBAC70C5DA66D1BDD16C48619E897609A76D1AF62261441BED
                                                                                                                                                                                                                                                                                      SHA-512:D8F402E47B906CEC147FD82086236FCC12091968ECF6071FFBEA833EADF8FB554960D12E273B463DDE4F49A32C45BC401244D9164426ECC986361039CD4FDC69
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;..8..;..>.c.;..?..;..>..;..?..;..8..;..:..;..:.T.;..;..;.C.?..;.C.;..;.C....;.C.9..;.Rich.;.........PE..L...vvA_...........!..... ..........5m.......0............................................@.........................0..........x....@..@....................P..........T...............................@............0...............................text............ .................. ..`.rdata...h...0...j...$..............@..@.data............f..................@....rsrc...@....@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\libheif.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):491008
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.590671441611103
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:MS89CO35hLb1P39hCWvji0uz0rq1+Jj54eMopDmsDt9X+zLVtoL:M3nJnCWvjibs4c3DjX+Fu
                                                                                                                                                                                                                                                                                      MD5:A4AED5C0A0F48726D0F815127DDEAB6B
                                                                                                                                                                                                                                                                                      SHA1:829C01CBA303B48FF0CF618A28658CAD0C16B4F8
                                                                                                                                                                                                                                                                                      SHA-256:4C654E44F4147D84013F7B5BDCF2DDBDAFDC29FEDB8670881201C39BFE34E93E
                                                                                                                                                                                                                                                                                      SHA-512:C5DC4B83793C00C208962DE022B4209CA692CEA41697A0637DAD1BB4E6471AAD30DBA4AC98FEB5CECCED9C6B79D403B12E696DF1F74C6CD26E389EEECDD2ED6D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......yf.5=..f=..f=..fXa.g3..fXa.g...fXa.g+..foo.g)..foo.g...foo.g"..fXa.g?..f.n.g>..f=..f[..f.n.g1..f.n.g<..f.n.f<..f.n.g<..fRich=..f........................PE..L...b.C^...........!.....|..........-.....................................................@.................................0...<....`.......................p...G......................................@...............p............................text....{.......|.................. ..`.rdata..............................@..@.data...t4... ...&..................@....rsrc........`.......4..............@..@.reloc...G...p...H...6..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\potrace.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):239104
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.641416665834774
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:2HlhpMl5NGkA0e0IlKeA0qcAONT7ug+Y:2HlPMjA0e9UUPTCg+Y
                                                                                                                                                                                                                                                                                      MD5:EBB0A33FDC732FF1F211F9F467AAFC03
                                                                                                                                                                                                                                                                                      SHA1:676B33F33ED6BB5A076451BD31B0E81936CCC3C4
                                                                                                                                                                                                                                                                                      SHA-256:20E19844E80ACBD0EDF18D9F62E5E1B1D4DCD0DC4179CD8DA6A32B85B8AFE807
                                                                                                                                                                                                                                                                                      SHA-512:EC5E37EC820B3B7A638D2FD65EBC4E0208BFA92933B5359A0FCF998E023E0C64F778B9E649224760CFB91035C09C4BC39A144C1A7592B560D95F05681DA6FC10
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........p.g.#.g.#.g.#..##.g.#..!#0g.#.. #.g.#...".g.#...".g.#...".g.#+..".g.#..A#.g.#.g.#.g.#+..".g.#+..".g.#+.-#.g.#+..".g.#Rich.g.#........................PE..L....]...........!.....\...t......l........p............................................@..........................v......px..<................................#...V..p........................... W..@............p..(............................text....[.......\.................. ..`.rdata.......p.......`..............@..@.data...|<...........p..............@....rsrc...............................@..@.reloc...#.......$..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\pspiHost.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):145408
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.39771652028681
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:k2TGe4Dr+1r2+ePVlwf94mg39rm+mPb5PSWk/Dmru7P:k+Ge4Dr+1rtetCVI38k/DUu7P
                                                                                                                                                                                                                                                                                      MD5:CBE0307F553A44A21A0A92FCF2392D85
                                                                                                                                                                                                                                                                                      SHA1:3AF7763944A61DD99C6110C7973C6E54AAB7495C
                                                                                                                                                                                                                                                                                      SHA-256:5FDEC741BB4EA7CC57ADA669129F5085E14B3A0015C1C638C6B3EBF03FF2E579
                                                                                                                                                                                                                                                                                      SHA-512:4CE3258362173DF1D85E19D6ABD5586860154370243A28C586E104101669EC4694E42CC3A6062F06E6410D404030B41A95D0231F1D6AE8FB158DC80CC83938A3
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... .p.d...d...d.......o...............w...6...A...6...k...6...u.......a...d...........`.......e.......e.......e...Richd...........................PE..L.....a...........!......................................................................@.........................P...........<....P.......................`..........p...........................`...@...............x............................text...0........................... ..`.rdata..*...........................@..@.data...l....0......................@....rsrc........P......................@..@.reloc.......`....... ..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\ssleay32.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):353792
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.450214660480855
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:BI7PD1THviwNO9lAgr4vjFTekpSa41vuWiPNbA62/Wqext6BbsHvPUuieM9erem/:BI7PD1THviwNO9lAgr4vjdekoa41WWiv
                                                                                                                                                                                                                                                                                      MD5:CF81B10D01BEAC2585027BDB62C828F4
                                                                                                                                                                                                                                                                                      SHA1:8E39A60A4D257D8B79C4BAD3DCE3BA9B76834E01
                                                                                                                                                                                                                                                                                      SHA-256:1458F81271DB9A68CB27D8778995E21137055B05EFFFD150FC46129FBDECD007
                                                                                                                                                                                                                                                                                      SHA-512:D9C033B937736D9A464E41826F3CD4D609E0F35ECC3A348C31C89D702A2C6C5DA634E3D31CAAB60ADAA7D213368ABC4237B926F554153A91844BBB4085676FFB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........n............i......i.......i......i......g......g......g......f........8....f......f......f_.....f.....Rich............PE..L....vA_...........!................T.....................................................@.............................`$......<....`..@....................p......p...T...............................@...............h............................text............................... ..`.rdata..............................@..@.data...(@.......6..................@....rsrc...@....`.......0..............@..@.reloc.......p...0...6..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\tbb.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):307200
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.6322254973907935
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:tYWJbKXKFnkAXLUhywxsvVlFM6qj/aeviVIINZjJX437EL7+:mWJbK6FnkiwxstlS6qj/aevMN3G
                                                                                                                                                                                                                                                                                      MD5:4D677269861F4EEBD5DFBB2B658CADCC
                                                                                                                                                                                                                                                                                      SHA1:A15F7BFFFD25FE52FE309582270404C55016EBC1
                                                                                                                                                                                                                                                                                      SHA-256:09C3C1CAC724ED557B7ADC2DFB7DC8F51F98A134715A1E2189640BC7B89DF495
                                                                                                                                                                                                                                                                                      SHA-512:05C036653959E3591FA22893BE5EE92C809057AB0D9252739960CF2501568A5554D6E683EEEA8FC7AC52C434EE906772F21087F5DDAD350C17BF76054FB20C5B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........?..P^v.P^v.P^v.58u.\^v.58s..^v.58r.B^v..6r._^v..6u.B^v..6s.y^v.58w.S^v.P^w.;^v..7..u^v..7u.S^v..7v.Q^v..7..Q^v.P^..Q^v..7t.Q^v.RichP^v.........................PE..L.....]...........!.....0...................@...........................................................................?..<I..(...............................P;......p........................... ...@............@..|............................text..../.......0.................. ..`.rdata.......@.......4..............@..@.data...lH...`...(...F..............@....rsrc................n..............@..@.reloc..P;.......<...t..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\unins000.dat

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:InnoSetup Log ImBatch (32-bit) {5C8028D2-E41D-44A3-A51E-E6FFF8F448B3}, version 0x418, 29679 bytes, 878411\37\user\37, C:\Program Files (x86)\ImBatch\376\377\377
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):29679
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.8358041140557773
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:/9x3ebqqW7Ix6KoQ1QnihVddYDWXZYg5b:GW7I4KoQ1QnihVddYDWXZ1
                                                                                                                                                                                                                                                                                      MD5:37A7AAB376C18378C503B6F20571A573
                                                                                                                                                                                                                                                                                      SHA1:2105A864BAAB12C84D766AE402D34D8DD45D58AF
                                                                                                                                                                                                                                                                                      SHA-256:18B2F8AAF4567009CA523774B289447D2570507ADAC4AE4744D34EBD1EBD0741
                                                                                                                                                                                                                                                                                      SHA-512:4739970A7D93365B795F8DF476074D1173BB9BCAB2B24D7A00AE94E2E3638EEE1249926DF7A41B1A22D43F46A7DCBE45F70C368E17620EC6FB49B9E7CA8101D8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:Inno Setup Uninstall Log (b)....................................{5C8028D2-E41D-44A3-A51E-E6FFF8F448B3}..........................................................................................ImBatch (32-bit).........................................................................................................................s..................................................................................................................$.M..........JDA......y........8.7.8.4.1.1......h.u.b.e.r.t......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.I.m.B.a.t.c.h................(.9.p.. ..........f...IFPS....,..."....................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TSETUPSTEP.........TEXECWAIT.........TOBJECT....TOBJECT....

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\unins000.exe (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3266109
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.442905037245138
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:vdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjg3336/SC:0HDYsqiPRhINnq95FoHVBg3336p
                                                                                                                                                                                                                                                                                      MD5:C86F1E8BD0B4FC0F5E3B7555EDC94135
                                                                                                                                                                                                                                                                                      SHA1:8E5122DFB38D48B72BA0E46C67E12252CA946BBB
                                                                                                                                                                                                                                                                                      SHA-256:D92E731461345CDED4DF6B94C6AECA0E78393273A30C4C34A567E60C39C6009F
                                                                                                                                                                                                                                                                                      SHA-512:BFEE4A6AEB0EB8650CBD14B7FC6782F76DE375D74C0AF11777AB5EF08265E245F5D623364FE9A349175FC26AE7A804ED1962E39117797FF4A7FC35850FCD6ABF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...oGXb.................B,..2......`V,......`,...@..........................`2...........@......@....................-.......-..9......<U....................................................-.......................-.......-......................text.....,.......,................. ..`.itext...(...0,..*....,............. ..`.data........`,......F,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-...... -.............@..@.rsrc...<U.......V..."-.............@..@..............1.......0.............@..@........................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\wPDFView03.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3032984
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.5342725772805785
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:Et4ySr8QSdulASXLsA0L9pjtpWn8bbgHPEaTfTTrWhvGcv:EWlHsA0L9pxp9bgHF6Gcv
                                                                                                                                                                                                                                                                                      MD5:A4FF9BB4BA82C1DA7A57732C176C0EDA
                                                                                                                                                                                                                                                                                      SHA1:AE2A1ECE1EAE3C5805FF469C57F3AAB3CB26E797
                                                                                                                                                                                                                                                                                      SHA-256:AC0EF68CB05678CF007A3E607495330A975494232ED0B509533664EE9C593702
                                                                                                                                                                                                                                                                                      SHA-512:6F95432A892B1D9134DA69B622E63DEDA7AED3780694FA0AE4C10DEF4898B9592B7EA22F7E52AA471033141DCAC155218A0ECEF12BD3AEA429783B738A94DFD2
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....j.S..................'..|........'.......'...@...........................2......./.................................B.... ..<}...P1.........................(....................................................3..H.......&....................text.....'.......'................. ..`.itext........'.......'............. ..`.data.........'.......'.............@....bss.....`....).......)..................idata..<}... ...~....).............@....didata.&.............*.............@....edata..B.............*.............@..@.reloc..(.............*.............@..B.rsrc........P1.......,.............@..@..............2.....................@..@................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\wp_type1ttf.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):745984
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.58419506541404
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:hvQoE1FDvl2eyb2lSwrnbqp6ChvaCd8I1Scf1VX5/yvNMTqCfuM12LgAN4/fdXB:7YvJlSwfW9aWAcft/MNMTf2Mwcj/1
                                                                                                                                                                                                                                                                                      MD5:119A4963DD4BEAE7DBF4CF973F3D5ACA
                                                                                                                                                                                                                                                                                      SHA1:C48B55BDDDE9C90CE41A3FF3A1AD7CADAF01701D
                                                                                                                                                                                                                                                                                      SHA-256:ECD68FCB3131FDCC944F13C715BDF8DCDDBFFDF21C32C615A97B4EE8145D9BD3
                                                                                                                                                                                                                                                                                      SHA-512:22161D38BEE86B8BC3F16FBB096893F0F11342A1312D3DFD970E6E18950AB9A0C84B021E2337D21737F98004C941A41621DB3B804866D677ECA9DF13023BF4BA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........:.H.T.H.T.H.T.S7..k.T.S7.Q.T.S7..5.T.A..K.T.H.U...T.S7..o.T.S7.I.T.S7.I.T.S7.I.T.RichH.T.................PE..L.....rN...........!................................................................$.....@.........................Po.......h..(................................9...................................c..@...............(............................text............................... ..`.rdata..!...........................@..@.data...X............p..............@....rsrc...............................@..@.reloc...@.......B... ..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Program Files (x86)\ImBatch\zlib1.dll (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):175104
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.710085266649328
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:N9r9mNTCwJt19ygGKMgWI7WH4KqS7GgSSh2w7KuGjPXPj+VnXTBfbiEgYRv9/RQj:VmZeE366g/rKN3jwXTBDiEl5Q+I
                                                                                                                                                                                                                                                                                      MD5:FCB71682525261D9CF9B5B1C37C2841C
                                                                                                                                                                                                                                                                                      SHA1:64C638F01F4CEACCFABCC0AAE35954E64861C521
                                                                                                                                                                                                                                                                                      SHA-256:C428C6A1B5E2E6B4222050B91537EFD2CFA029622489BC161B22DC45E7703AFE
                                                                                                                                                                                                                                                                                      SHA-512:AEB0FED09750A03A35D882782DEBC2ADA8D911F2AAD483F1521A7C34187935F048F7A864B092981A2AFCF6D900004FCF62D457DB73065315B395F85080D6F88A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J\...=@..=@..=@.k[C..=@.k[E.=@.k[D..=@.....=@.\UE..=@.\UD..=@.\UC..=@.k[A..=@..=A._=@.TD..=@.T@..=@.T...=@.TB..=@.Rich.=@.................PE..L....m.]...........!......................................................................@.........................p...H.......(.......0............................{..T............................{..@............................................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High Motion Software\ImBatch (32-bit)\Context Menu Editor (32-bit).lnk

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Oct 7 21:40:58 2024, mtime=Mon Oct 7 21:40:58 2024, atime=Tue Aug 13 19:28:14 2024, length=10704296, window=hide
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1140
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.681211518158754
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:8mZN2/yIENdOE4TVEejzr3SANFd8zr3ydZUUth86qygm:8mviMNdO5+ejHhNFd8HidSg+3yg
                                                                                                                                                                                                                                                                                      MD5:C04A2E7C023BC459BBA21A7AB6F6662E
                                                                                                                                                                                                                                                                                      SHA1:1E9581520E668E00BEA99A203ACB435F15E8CBD2
                                                                                                                                                                                                                                                                                      SHA-256:CA420D7A155C66D4FD18CAE6B2C584F7B627F9A47C4EF7DE963CBF8A7F014E05
                                                                                                                                                                                                                                                                                      SHA-512:CC15EE26B1A1918AF28301C6BD1DEA5758465CD6C0E189352AEA006B66743AE5B7C3188D302A102D80BF05488C28A795271FD37FC625669127D0330AC2A20C33
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:L..................F.... ....oS..............R.....U...........................P.O. .:i.....+00.../C:\.....................1.....GY....PROGRA~2.........O.IGY".....................V.....4U..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1.....GY"...ImBatch.@......GY..GY"......)....................../.I.m.B.a.t.c.h.....x.2..U...Y.. .CONTEX~1.EXE..\......GY .GY ......)........................C.o.n.t.e.x.t.M.e.n.u.E.d.i.t.o.r...e.x.e.......c...............-.......b...................C:\Program Files (x86)\ImBatch\ContextMenuEditor.exe..F.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.I.m.B.a.t.c.h.\.C.o.n.t.e.x.t.M.e.n.u.E.d.i.t.o.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.I.m.B.a.t.c.h.........*................@Z|...K.J.........`.......X.......878411...........hT..CrF.f4... ..G..Yc...,...E...hT..CrF.f4... ..G..Yc...,...E..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6

                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High Motion Software\ImBatch (32-bit)\ImBatch (32-bit) on the Web.url

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:MS Windows 95 Internet shortcut text (URL=<https://www.HighMotionSoftware.com/>), ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):61
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.629359009935769
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:HRAbABGQYm2frSL96URSBYvn:HRYFVm4GL9Bvn
                                                                                                                                                                                                                                                                                      MD5:EE46AB95A39B784057E5A9EDA761D44C
                                                                                                                                                                                                                                                                                      SHA1:31B3C7CB753C8D3CBDA78F4D6C3B021B85559232
                                                                                                                                                                                                                                                                                      SHA-256:29DE844DDE4212491BBF02C1E948F2DBCD334336CDC64C35EED098469107DF07
                                                                                                                                                                                                                                                                                      SHA-512:1E4AACBFBB934886D5A9B9C4DB2E96ED6D4EE13029A4E3AEDDD0B78A306EA4C967F29B125054D74B60646AF749E7218D0C0437408EF8E5AD073AAD9D5351A07B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[InternetShortcut]..URL=https://www.HighMotionSoftware.com/..

                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High Motion Software\ImBatch (32-bit)\ImBatch (32-bit).lnk

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Oct 7 21:40:58 2024, mtime=Mon Oct 7 21:40:59 2024, atime=Tue Aug 13 19:28:18 2024, length=7767944, window=hide
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1088
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.658116908447754
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:8muu200X8lm90EXGkcdp8DCD4/a56t6CSAMjAsIXaDbdpYibSA8tbdpYinFNUUtj:8ms+E6dOE4nIAsIAdhQdZUUth0yqygm
                                                                                                                                                                                                                                                                                      MD5:E1493FB9F44DC61A703F7361CE69DB90
                                                                                                                                                                                                                                                                                      SHA1:EE446280A939CAD7231CE9BCB2E1744BC3E09C6A
                                                                                                                                                                                                                                                                                      SHA-256:5ABF785FDE2723F8303E800A213FC66DB1F69B410676715BC7917414315A5DC8
                                                                                                                                                                                                                                                                                      SHA-512:C940C4BAC1F2D6FB3B13DA2E8EF51A3CB06C22139414D6B20807DFE5B5750260D7F666356E0DDFF0F0FEC1C19ABF92E1DC7473C1A698792CF55D0E37F061749A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:L..................F.... ...........y ........T......v..........................P.O. .:i.....+00.../C:\.....................1.....GY....PROGRA~2.........O.IGY......................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1.....GY!...ImBatch.@......GY..GY!......)....................K...I.m.B.a.t.c.h.....b.2...v..Y.. .ImBatch.exe.H......GY .GY ......)........................I.m.B.a.t.c.h...e.x.e.......Y...............-.......X...................C:\Program Files (x86)\ImBatch\ImBatch.exe..<.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.I.m.B.a.t.c.h.\.I.m.B.a.t.c.h...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.I.m.B.a.t.c.h.........*................@Z|...K.J.........`.......X.......878411...........hT..CrF.f4... ..G..Yc...,...E...hT..CrF.f4... ..G..Yc...,...E..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6

                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High Motion Software\ImBatch (32-bit)\Image Monitor (32-bit).lnk

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Oct 7 21:40:57 2024, mtime=Mon Oct 7 21:40:58 2024, atime=Tue Aug 13 19:28:16 2024, length=9384872, window=hide
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1115
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.68144274117183
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:8mWyIENdOE4TVKPYsrYAMYXdnrxdZUUthLDqygm:8mWMNdO5Vat/MkdrxdSglmyg
                                                                                                                                                                                                                                                                                      MD5:F63BA8FB9AF355E083679BDA993A0BE2
                                                                                                                                                                                                                                                                                      SHA1:6E4DD4E9A3217E7A3F79E16817159A78E2223902
                                                                                                                                                                                                                                                                                      SHA-256:D207F372CB4A6F2AA65CF988719D3DCE1AB8BEED57B58C57B497AD2F18D3B95E
                                                                                                                                                                                                                                                                                      SHA-512:358EE516FB3A46BC0C15EB51DBECF8D222D1CB74148F479C6D7D19B269EB1E7C0CB8A39769301D489E624384D06C2C95A3F15D8551404520C75EFB27C43683E3
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:L..................F.... ...._.......p4........S.....3...........................P.O. .:i.....+00.../C:\.....................1.....GY....PROGRA~2.........O.IGY".....................V.....4U..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1.....GY"...ImBatch.@......GY..GY"......)....................../.I.m.B.a.t.c.h.....n.2..3...Y.. .IMAGEM~1.EXE..R......GY..GY ......)........................I.m.a.g.e.M.o.n.i.t.o.r...e.x.e.......^...............-.......]...................C:\Program Files (x86)\ImBatch\ImageMonitor.exe..A.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.I.m.B.a.t.c.h.\.I.m.a.g.e.M.o.n.i.t.o.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.I.m.B.a.t.c.h.........*................@Z|...K.J.........`.......X.......878411...........hT..CrF.f4... ..G..Yc...,...E...hT..CrF.f4... ..G..Yc...,...E..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.

                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High Motion Software\ImBatch (32-bit)\Uninstall ImBatch (32-bit).lnk

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Oct 7 21:40:57 2024, mtime=Mon Oct 7 21:40:57 2024, atime=Mon Oct 7 21:40:49 2024, length=3266109, window=hide
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1095
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.679444515336826
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:8mWUZyIENdOE4TRi6AQmHdlDdZUUthTrqygm:8mTZMNdO5RipQedlDdSgtuyg
                                                                                                                                                                                                                                                                                      MD5:90391BEC4F455347A8BFE44A7616EAE4
                                                                                                                                                                                                                                                                                      SHA1:962396660183B3CF9F7EC9AD6EC3D7512BD40446
                                                                                                                                                                                                                                                                                      SHA-256:1E72701AAAEA5663697A539743A62E7DF719FCCEA0B08141B0DFF2226C3655E3
                                                                                                                                                                                                                                                                                      SHA-512:775AD93B26B7196EB4E8AAF72FF28630747136117F86DAC6DA02DDE82935718B3A4F3D18302DE7794BEB7D804A48E881DDD506A6A98049E8419EE0BF5ADC79F0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:L..................F.... ....(.......(.......#......=.1..........................P.O. .:i.....+00.../C:\.....................1.....GY....PROGRA~2.........O.IGY".....................V.....4U..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1.....GY"...ImBatch.@......GY..GY"......)....................../.I.m.B.a.t.c.h.....f.2.=.1.GY.. .unins000.exe..J......GY..GY.......)....................w.O.u.n.i.n.s.0.0.0...e.x.e.......Z...............-.......Y...................C:\Program Files (x86)\ImBatch\unins000.exe..=.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.I.m.B.a.t.c.h.\.u.n.i.n.s.0.0.0...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.I.m.B.a.t.c.h.........*................@Z|...K.J.........`.......X.......878411...........hT..CrF.f4... ..G..Yc...,...E...hT..CrF.f4... ..G..Yc...,...E..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.

                                                                                                                                                                                                                                                                                      C:\Users\Public\Desktop\ImBatch (32-bit).lnk

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Oct 7 21:40:58 2024, mtime=Mon Oct 7 21:41:02 2024, atime=Tue Aug 13 19:28:18 2024, length=7767944, window=hide
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1064
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.686495150439451
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:8mZyIENdOE4T+IAsIMdhQdZUUth0yqygm:8mZMNdO5EsIMd2dSgWvyg
                                                                                                                                                                                                                                                                                      MD5:4BF64E2019F7E2C6BF513D3AEB1E685B
                                                                                                                                                                                                                                                                                      SHA1:B31C27024B17BF83005C25A1A3C797536F045435
                                                                                                                                                                                                                                                                                      SHA-256:382FD9DAFC39E915BC764DDC9401AC387DE10428C0980FDB7A789EC66A0D5D89
                                                                                                                                                                                                                                                                                      SHA-512:B5DFB9E64A2CAEB5BF33489C2D027D0E1038B19FE78C2D7DFF61227CF94AD5A61C4EAAE2068DAFD884B0A7FDDBA5045F2B3F24BB40DD855033A3472B0706048B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:L..................F.... ...........'.........T......v..........................P.O. .:i.....+00.../C:\.....................1.....GY....PROGRA~2.........O.IGY".....................V.....4U..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1.....GY"...ImBatch.@......GY..GY"......)....................../.I.m.B.a.t.c.h.....b.2...v..Y.. .ImBatch.exe.H......GY .GY ......)........................I.m.B.a.t.c.h...e.x.e.......Y...............-.......X...................C:\Program Files (x86)\ImBatch\ImBatch.exe..0.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.I.m.B.a.t.c.h.\.I.m.B.a.t.c.h...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.I.m.B.a.t.c.h.........*................@Z|...K.J.........`.......X.......878411...........hT..CrF.f4... ..G..Yc...,...E...hT..CrF.f4... ..G..Yc...,...E..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.........9

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\BolideLog\{DC960FFD-14A7-48B7-83D1-6FA0A6445A05}.txt

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):59
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4935710666804605
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:Z/s26LLwuN9L1AgFIuNkVev:aR/zL1AAoev
                                                                                                                                                                                                                                                                                      MD5:36A6E3ABC67B1D3343AA931D423D9383
                                                                                                                                                                                                                                                                                      SHA1:9421C6DCFF6AE46ADC5DA19B2D5FDFA90C8E5D1B
                                                                                                                                                                                                                                                                                      SHA-256:B8303A9A5B076573BDBFEB06124F59D77CA697305CC286D75D211A2A743E6C3F
                                                                                                                                                                                                                                                                                      SHA-512:535B8B329AE48A21BA28A690596A46C0DF9415B18182A6466EC3CF5241F329EE25E26C2A4EBE5C5860A6F64C090C669AD909945451B86303DACDAED517DEE7D8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:00:00.000.Session start - ImBatch 7.6.2 en-US - 1280x1024..

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\09BE95FDFECC4CF693589C616F4473D2.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      File Type:zlib compressed data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):901862
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.998728247535261
                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                      SSDEEP:24576:I8zdRCyNlWKM8YjndYQB10E2WRimurUH7kgk38cyEan:I6LC8vMBjn7BPRtRAB3zDu
                                                                                                                                                                                                                                                                                      MD5:AA7C9D5E4C70D41B3066E04F1FC72B2A
                                                                                                                                                                                                                                                                                      SHA1:0C01902CEAC60660D574E65BB3C0A0EB2CD0FA31
                                                                                                                                                                                                                                                                                      SHA-256:DDA7CD4E7AEE850392F44FB85C0FD35B73EF02EAED84CCFDA591B299515D409E
                                                                                                                                                                                                                                                                                      SHA-512:040BE97D196C81F43985930063DE05FAB9C667FE6526D381C392E24F6E2399F90DEFA7FEB6511AEFA5DFCDFEE07B098AEC4455BBD6EF079C2E7FB4F650594C8D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:x..w ...?~.{.....{....2..$$.2..l".dE...23..3.E2.....y.g..z........}.u].:..u....&...A......cS..7.cZ..WB.";.z..$..A.o.= . [[.V...>...y.........(a\jk..M.Z./....4"2...k..Ky............S..c.>kG.U....|.n.X.@..G..=..M.X.K.&..;.hb2.......;.._lnkn...D6.!AJ.=.'"./._..i.!EL:..n5.....Pb..8.....@.0...rL ..,........j.\Up%.......ON?.....y....*.......\.K..y.j...N...Y.=+......(..j..G.eI..q&.>.@..Y..[.9.|.R..7 .........e;..%.{e0...;.............*.@d.!.f.U.O.j..n.3"...W..t.+}..,..gm.C...jb...mR.GFS.M....egf:I ..c.u....E.Js.1.C.N6.@.Ch<..G.......8y._s.Ti..r. 8.d.Bam.'.....GM...1.w..@.).:..9nRA./..U.....m_.....!.B9.. .#...}..m.....w..M.,k..]...r...R+$f.5T........}...5A..a..<k...Nu...'...|}zb..<..EKg..4r....}.%3.?XlqFR!.-..T....e.....{Mv}.........Y.l`]...U..h.5..?..... .....^...L....Q..Z..P....E.`|..ddV...Mt(.pj.Pq.2..@y$.tk.........}...F........zZ.5H..............0.m......[.........P....,iZ..07Ol...-X:.X..%..`B.\.Y..\_.{.Q.q.!.ny.^.....qYY....w.sc*...?...O

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\29B6F2811A824321A0D318C40444292A.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2124
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.25763476531683
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:1Itf55M9CG1rKzgtk/y3TO4+Ob6GXk/JzenCkj+pTFw:1Gf55M9CG1rKzgtkgr+ObiynCkj+lG
                                                                                                                                                                                                                                                                                      MD5:F547953667EAFF3E50FB9CE3E0032F8C
                                                                                                                                                                                                                                                                                      SHA1:7B59E0C9F2DC93CEAEF2F0C44E8D8C0081924A1F
                                                                                                                                                                                                                                                                                      SHA-256:435D3F946A6781AF288A3F29E50535713B2D8EA5D0EEF703CBC7BD20FF0D3969
                                                                                                                                                                                                                                                                                      SHA-512:A3C62D47178DC92BFAA8BD0C22EDCA6683E5C45869CBCB0995620EA53B6F482E433A5DD9B701732460773E171D43E28189B33B6FCCFE329105C5F1495BC41967
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.Activate=1..atFixSafeCallException=1..atVCL=1..atWin32=1..cfoReduceFileSize=0..CompatibilityMode=0..csoCaptureOnlyModuleExceptions=0..DeleteMapAfterCompile=0..dpDLLExports=0..dpMicrosoft=1..Encrypt Password=""..EurekaLog Version=7007..Filters_0_Action=3..Filters_0_Active=1..Filters_0_BugID=0..Filters_0_Class=""..Filters_0_Context=0..Filters_0_Dialog=" "..Filters_0_Handled=0..Filters_0_Handler=1..Filters_0_Message=""..Filters_0_Module=""..Filters_0_Properties=""..Filters_0_Routine=""..Filters_0_Type="ESimpleXMLWError"..Filters_0_Unit=""..Filters_0_URL=""..Filters_1_Action=3..Filters_1_Active=1..Filters_1_BugID=0..Filters_1_Class=""..Filters_1_Context=0..Filters_1_Dialog=" "..Filters_1_Handled=0..Filters_1_Handler=1..Filters_1_Message=""..Filters_1_Module=""..Filters_1_Properties=""..Filters_1_Routine=""..Filters_1_Type="EFOpenError"..Filters_1_Unit=""..Filters_1_URL=""..FiltersCount=2..idEurekaLog=1..idEurekaLogDetailed=1..idMSClassic=1..idStepsToReproduce=1..InjectCode=1..InjectInfo

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\506FB78A5B1D4327AABFA9509B223B48.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1722938
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.173431678867858
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:dkYfVsf5S4vu/KeHHdriu+YiL6gztN3nwSXwPFJys7K7VNDMbn+J1JWp8vXRro4f:ENYtY4J5PZM
                                                                                                                                                                                                                                                                                      MD5:213A81BEFE7495621BF0E1A7331E32AB
                                                                                                                                                                                                                                                                                      SHA1:F661239D3FB56C4977F865D749E62CEBAE8312D8
                                                                                                                                                                                                                                                                                      SHA-256:009D06BE73836B4DB947FD63A65E726C10A7474B3743CF40BC87E5DCAF95D311
                                                                                                                                                                                                                                                                                      SHA-512:A20174FC846C9C35D8800C0E98607B5AD60C9201A5079C9E26E0358189B9552E6F40F6B27FFF79660E031A2BA754347BC54C40C9B5C048E9144A5EF4F410D217
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..........F.3.{x......p....................-<.....k..d..................+7....5{..................<.mm.h.\x.................wx.'mx......,.~..............Y....8....i..............q.l...I........................0...1............a.t.......n............`. (...............v[....n.8...........)x.O}a..n...........c.#.R............[L..H....+..........v`..h...OR].R...........Z7..............m..|........aQ...........eiP#j...B..UOu,.7&.(..........-Z...xM...].Q.?.._................E............/7...D.................j..pV&W..B*.F......T.ae.............O...9cC.mx.?..............m....L#..}.g68K^D..o..............._.9/K.2Lp.T.cG...........].....D..*............eiP#j.....5e................D...\....D5............Q.c...'.5.........../N.A*..@............9'....-.6I..+...............t.w...........48o..E.d.c~"...]..................3!YM.................[.|..J.]b..........fjz:`...-...........9X.e..iS;D..............b...1..[#a..j.............b...1_z..ko................tTY..P....

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\80AB26EB77BB4B8BABDF4FE25DCB5392.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      File Type:zlib compressed data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):920
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.737222510369589
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:7sFEzmurjcCVAPau/920+315fByHgv3XvFwSPD+d5eEQWacfiswl8S366hWPJ:7sFEztrjcCVcV83dcorDEAoaNswiACJ
                                                                                                                                                                                                                                                                                      MD5:26FDDA963A7BEF2D614156DA9A351898
                                                                                                                                                                                                                                                                                      SHA1:7B94666DEB6F39B83E92E3698502513183B5D4F2
                                                                                                                                                                                                                                                                                      SHA-256:50292C115EDD99864AD174ED73B239C7B072C1796F9B62EC740D372C3FB8F567
                                                                                                                                                                                                                                                                                      SHA-512:E3AA6E914676CE489A432B28EC5AEF9B63B4BB55B9F8A39ABDE4CF9593FC0E620B82D43EF93536693CF6773670EE2AFE058BDDBD5A6DB036DB859C723DD15B30
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:x.uV.n.6.}......h..k.8m!`mIF.X..9.E....a.....e.~Y..I...EY.e..sx4...P....$.tK4.....3.O....X.OAh.........-FC.L....2..e..o..no.....2..1.*0U< B....f.A.^.F..4.DL...q.>.F&..<.....vLS.._k.CT.. .. J..|.E..}%s.q^A*S.x0...`..\...L.......M..Ch...a.*.....{}I.)a|....gRd..K...e...".h..........N...m.. ........./..\^P^..[_.<./..CE.CE.ZE.CE.KE.SE.KE.KE.SE.KE..T.:U.*...m..k...../...ooh.4.....A.j..8.T..5..B-.....-4.C...:0....5?YO..C......._mD.Y1...V.&..1...R0..*..<....s.I..4..Y..}..Qt..a.n8....i.2.N........x....P.....T..sXF..%H.."...i..T`@.@..w.a.....L..v..1b.<.v.a../....=..=<....=...9]....d....w...b4.3.>.<.$.F...p...kE..)7...o)8.....:.V....>..y..xD....j....P.\.w.@..F..:../e.r..m.Vd+..T-.ik&y....e.m.I..u...O.N....w...|..^?.l.G.l...s..j..FF.'g{..N....@K"7..!\e.q.....3...7..8.3..k.A.B,..".mn....94f..=...&|.s1..!...@..).*~"-.&..z...-.....e.4.C...Q..-..,V.S2-)....bS..Y..../".......c`........

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\ADF24A5EC39A4B00BD85BE8387D107CF.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3705228
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.4990120302817527
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24576:CVkdvysBtnN7B3eIJd7IHFYEqOkrX+azQy/AQs3QUFCJJssee5L3dInEFghk4GGI:CyNBFW4iR5TbNPYRjXZi9O
                                                                                                                                                                                                                                                                                      MD5:69D12165FD52076A70B99F681E3FC79A
                                                                                                                                                                                                                                                                                      SHA1:AB8868BE771F68CEDAFE56013D08CD47BF831270
                                                                                                                                                                                                                                                                                      SHA-256:9E258614AE7551E480C92A4E8EF84BC537BC3DEDA69AC03EDD568B667F76764C
                                                                                                                                                                                                                                                                                      SHA-512:DB9FF34C25ADFFEC1A957F2943DA5A3A84511D55F1AC3F4D5E3B48446D93784D91ECF5A8D5832CF209D78EFD93C1580ED5002530C2596CE3843121A8754FA6EA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:S.y.s.t.e.m.S.y.s.t.e.m...p.a.s.T.O.b.j.e.c.t...T.C.u.s.t.o.m.A.t.t.r.i.b.u.t.e...W.e.a.k.A.t.t.r.i.b.u.t.e...V.o.l.a.t.i.l.e.A.t.t.r.i.b.u.t.e...T.I.n.t.e.r.f.a.c.e.d.O.b.j.e.c.t...T.M.a.r.s.h.a.l...C.l.o.s.e.H.a.n.d.l.e.G.e.t.S.t.d.H.a.n.d.l.e.C.r.e.a.t.e.F.i.l.e.G.e.t.F.i.l.e.S.i.z.e.G.e.t.F.i.l.e.T.y.p.e.R.e.a.d.F.i.l.e.S.e.t.E.n.d.O.f.F.i.l.e.S.e.t.F.i.l.e.P.o.i.n.t.e.r.W.r.i.t.e.F.i.l.e.R.e.m.o.v.e.D.i.r.e.c.t.o.r.y.G.e.t.C.u.r.r.e.n.t.D.i.r.e.c.t.o.r.y.W.S.e.t.C.u.r.r.e.n.t.D.i.r.e.c.t.o.r.y.W.F.i.n.d.C.l.o.s.e.F.i.n.d.F.i.r.s.t.F.i.l.e.I.n.i.t.i.a.l.i.z.e.C.r.i.t.i.c.a.l.S.e.c.t.i.o.n.E.n.t.e.r.C.r.i.t.i.c.a.l.S.e.c.t.i.o.n.L.e.a.v.e.C.r.i.t.i.c.a.l.S.e.c.t.i.o.n.D.e.l.e.t.e.C.r.i.t.i.c.a.l.S.e.c.t.i.o.n.C.r.e.a.t.e.T.h.r.e.a.d.G.e.t.C.u.r.r.e.n.t.T.h.r.e.a.d.I.d.S.w.i.t.c.h.T.o.T.h.r.e.a.d.E.x.i.t.T.h.r.e.a.d.E.x.i.t.P.r.o.c.e.s.s.R.a.i.s.e.E.x.c.e.p.t.i.o.n.R.t.l.U.n.w.i.n.d.U.n.h.a.n.d.l.e.d.E.x.c.e.p.t.i.o.n.F.i.l.t.e.r.G.e.t.L.a.s.t.E.r.r.o.r.F.r.e.e.L.i.b.r.a.r.y.L.o.a.d.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\DD3E20BFA9834B29BA4A9E55DF873DA8.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1722942
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.173430217885064
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:rkYfVsf5S4vu/KeHHdriu+YiL6gztN3nwSXwPFJys7K7VNDMbn+J1JWp8vXRro4f:ONYtY4J5PZM
                                                                                                                                                                                                                                                                                      MD5:62846CDD18E7ABCA457EF854A4EB5BDE
                                                                                                                                                                                                                                                                                      SHA1:C470C1ABDE1C624620DA8E3933148BDF267B22D9
                                                                                                                                                                                                                                                                                      SHA-256:999A3EE6CAB5C4D6F0B8CE2A1C80EC42F2D1910BEDC9FED62A99D30826334D90
                                                                                                                                                                                                                                                                                      SHA-512:F9EF3CABCEDD529D2F9EB0F824498F612B6E436037148847630C78DFB3B20A6C66A83DDAC95F9A91461ED723114C56526698C1B003C92E940D933B4B52771E7F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview::J............F.3.{x......p....................-<.....k..d..................+7....5{..................<.mm.h.\x.................wx.'mx......,.~..............Y....8....i..............q.l...I........................0...1............a.t.......n............`. (...............v[....n.8...........)x.O}a..n...........c.#.R............[L..H....+..........v`..h...OR].R...........Z7..............m..|........aQ...........eiP#j...B..UOu,.7&.(..........-Z...xM...].Q.?.._................E............/7...D.................j..pV&W..B*.F......T.ae.............O...9cC.mx.?..............m....L#..}.g68K^D..o..............._.9/K.2Lp.T.cG...........].....D..*............eiP#j.....5e................D...\....D5............Q.c...'.5.........../N.A*..@............9'....-.6I..+...............t.w...........48o..E.d.c~"...]..................3!YM.................[.|..J.]b..........fjz:`...-...........9X.e..iS;D..............b...1..[#a..j.............b...1_z..ko................tTY..P

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\ICACHE-3D1EF046.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):262144
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                                                                                                      MD5:EC87A838931D4D5D2E94A04644788A55
                                                                                                                                                                                                                                                                                      SHA1:2E000FA7E85759C7F4C254D4D9C33EF481E459A7
                                                                                                                                                                                                                                                                                      SHA-256:8A39D2ABD3999AB73C34DB2476849CDDF303CE389B35826850F9A700589B4A90
                                                                                                                                                                                                                                                                                      SHA-512:9DD0C30167FBEAF68DFBBAD8E1AF552A7A1FCAE120B6E04F1B41FA76C76D5A78922FF828F5CFFD8C02965CDE57D63DCBFB4C479B3CB49C9D8107A7D5244E9D03
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\ILIST-3B0E580D.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):262144
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                                                                                                      MD5:EC87A838931D4D5D2E94A04644788A55
                                                                                                                                                                                                                                                                                      SHA1:2E000FA7E85759C7F4C254D4D9C33EF481E459A7
                                                                                                                                                                                                                                                                                      SHA-256:8A39D2ABD3999AB73C34DB2476849CDDF303CE389B35826850F9A700589B4A90
                                                                                                                                                                                                                                                                                      SHA-512:9DD0C30167FBEAF68DFBBAD8E1AF552A7A1FCAE120B6E04F1B41FA76C76D5A78922FF828F5CFFD8C02965CDE57D63DCBFB4C479B3CB49C9D8107A7D5244E9D03
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3241984
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.4562688847969145
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:3dx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjg3336/Sd:cHDYsqiPRhINnq95FoHVBg3336o
                                                                                                                                                                                                                                                                                      MD5:622B58CAEE5DCD88A475F7431D706D7B
                                                                                                                                                                                                                                                                                      SHA1:FA2AC0D0CEDDE7512859A7DBD803ECA6CE9BBC0F
                                                                                                                                                                                                                                                                                      SHA-256:FD5D4BE0861AF4CABBE0E6F66077DD54E7422E62C03C62BBA7A7879421B42905
                                                                                                                                                                                                                                                                                      SHA-512:7AA71A15941D7FD2F7E42DAD5BD0AF2D33E24DD226F8ED626BB92D13C4E12878CFDEF088F04F3DEA844D4DC70650CF98E3CAC970457D9F8BC36EF44D5964F8BF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...oGXb.................B,..2......`V,......`,...@..........................`2...........@......@....................-.......-..9......<U....................................................-.......................-.......-......................text.....,.......,................. ..`.itext...(...0,..*....,............. ..`.data........`,......F,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-...... -.............@..@.rsrc...<U.......V..."-.............@..@..............1.......0.............@..@........................................................

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\is-AUHB1.tmp\_isetup\_setup64.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):6144
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                                                                      MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                                                                      SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                                                                      SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                                                                      SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames01.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:44:41], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):115249
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.811644868764116
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:tlBylBweI83zZ+lDW2nwD9UfSBAvyVeNkxA2r:C31+lHwufWmC0ir
                                                                                                                                                                                                                                                                                      MD5:F80C90560ABC2C7C3F6D5AD4EFA5FF3D
                                                                                                                                                                                                                                                                                      SHA1:5ABB063406ABF714ADD177B492A7928D9C8AAB3D
                                                                                                                                                                                                                                                                                      SHA-256:BC75FAF179CD86C38659558EFE2FAA4E34D285EE45EB3A80326132E3A35E18F9
                                                                                                                                                                                                                                                                                      SHA-512:DC355488498D3161C2C2108CA47E1A55B3C2755B402DF28D57541E7275078A86F881FDC4291B870C67065A7BF08ED1ED6408101C93C5206A51852735C2921B2F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....-.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:44:41.....................................................................................&.(................................,........H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..k.5.=G....X.C.....s....{2..^M.wQuO..K..U+Y...t..~>Q...Q.uU..m.sq..._...i.eM.......H.?G.t....,.}..5..o........F.....?..

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames02.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:44:58], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):115103
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.802344482607245
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:rSnSwC3HQHfjWnlp2RvQjVRIE4MIzqNQf8:73w/jWlC4BM3z2QE
                                                                                                                                                                                                                                                                                      MD5:69E152A52E92449CF4DF3CEE89AAA1E2
                                                                                                                                                                                                                                                                                      SHA1:DC23017E30AB56049D3BE01EE6FC28E647C9B4E8
                                                                                                                                                                                                                                                                                      SHA-256:AB31E7D9F48E2B954EC05AA13738F3868927DC84C524A0BE0A0914C4654C5829
                                                                                                                                                                                                                                                                                      SHA-512:B3CBD068A193ABEBE01A99019A083F8E980F0AC14191903828822B16D272B9E24FFB8E4D546AE08EEB18446C7C9455950A4B5B3694085BE0A6EEF2E7A2F24FE4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....0{Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:44:58.....................................................................................&.(................................/E.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...F3.e.?3.u.]...a<;!.s......../P.V.J.....I..1..7..Vcz8....V=<f.M...E.~^...........+...y`.....`...~KDbg..W.V{2...f...

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames03.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:45:12], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):109385
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.7871347758187675
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:b2LeS2LeXMHsRjw+rm2wDezQ0yUTTXB8jiPD:b2LeS2LeUsR0+qxDeEqf6iL
                                                                                                                                                                                                                                                                                      MD5:0824FEC01DC90C1B824D4F9627D917D0
                                                                                                                                                                                                                                                                                      SHA1:E8A04138C6811A1F7947005F4F07B06D37E7924B
                                                                                                                                                                                                                                                                                      SHA-256:124C98559A291DBD9C8233C01209B769BEA513E45F898569DA47A427F694FF06
                                                                                                                                                                                                                                                                                      SHA-512:7503BA02EBFE62150E6167DA0F8554B2927939D2B2BE46F71AC5D883136FD1C6EE055B6B6C7656541C9436151ADF4E7E4F98A0ABDB1702F397C0C4B0CE736ED0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....1.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:45:12.....................................................................................&.(................................/........H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?........k.....f..o{...}..o%.R......Y.k.....4..B.Z6e.........0r..1.k.c=g..A...*..G..(.x5.{...f(m..=.8;m.im-;.}{..S[..#..).

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames04.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:45:26], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):65862
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.6064966066236295
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:2CjpKMHBjpKMHV7QFNYy7+AG0kTvhXLzK+D4OEz7e7tw0x0Y5/QqkJztcFMipJcJ:wkykEN+ThXLzNDoz67tNRu3ltcKipJcJ
                                                                                                                                                                                                                                                                                      MD5:603ACEDAF17B7128A6FABFD517519EF6
                                                                                                                                                                                                                                                                                      SHA1:19FC76D105F378DFE2499935EFBD2D236105CCE5
                                                                                                                                                                                                                                                                                      SHA-256:3C4FFE73FE221D58F350543101608279184FCBD52C867C072722F8F3A9FA8182
                                                                                                                                                                                                                                                                                      SHA-512:44960F5A54F73081AAAD03D9CFEBE2458B79F6F32DACD149ADE27B9896DEFF04EEEDFEF1D1ED239A7706A726019F75BD22CFAC32B4A8594BB27E22E70035FA33
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H.....TExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:45:26.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..I%)$...{......h.I>.%,..~.}B......<oK......]G....Yw..?C]......=e.#?..c.......X.F...IO.........U..Y.7'5...dz.o.-v....zO.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames05.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:45:39], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):102165
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.776500804562673
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:EXOmHXOmCo36f9CSJM9HN/88QPwj1YVZ88wPL4r:27A9xge7ZvwD8
                                                                                                                                                                                                                                                                                      MD5:3AAA3F424097316D8CA6F07F4B2C179B
                                                                                                                                                                                                                                                                                      SHA1:E4E469493B67ABA0FBAFAD5E6696635298B16722
                                                                                                                                                                                                                                                                                      SHA-256:22D1952DD2D066BE4553AB4FD020773D7CC2FF44441CF6D20F9D01A55F67AE03
                                                                                                                                                                                                                                                                                      SHA-512:D990F8D4F4D0B893EA9C7A9478A6C9C3B87919F8902CFBC01E62BCBD2919267386229CD876CAAAA54D180B3AA601D502F73482C4CD180FC3F8B8252B9356FC72
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....+.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:45:39.....................................................................................&.(................................*o.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H....(.*....m...1.cT...+.c.o.g..B...d3......o.....ZbW.0......YA...2..l~E..;..w...i.....]......1:M.U..~.j........c

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames06.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:45:51], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):75639
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.682170198725773
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:SakZIuHXqakZIuHXCN7VpAggbApP92tq6IsuflQkeE15qYglT0p6z1:cf3kf3mEgyAn2tmlQkeE15/rp6z1
                                                                                                                                                                                                                                                                                      MD5:E9D504BE4FF52626F78393F4225D4A78
                                                                                                                                                                                                                                                                                      SHA1:256AE26994ABA7F77370A775038F35992E06F024
                                                                                                                                                                                                                                                                                      SHA-256:8A3330DEF05CB70432819C6500BC2A48D9F31FF547A2DB914A88C518B5F57D01
                                                                                                                                                                                                                                                                                      SHA-512:B9AFF314FE54AC677A0A01E287A7EF90A4B1F12EB5DCA0333ADD4E3ED32FE8AD1B9387830238450F6DD856CD3CEB79346D7C41A58AAEEBFF987DC060B5C9DC93
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....!.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:45:51.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..j:.~0.......?8...9.{..m......k.Z.=....I...n......n.D.-.....d...".;.}..eU...............S.....x..b..#.?..\.+X....

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames07.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:46:06], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):89766
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.744983844382692
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:xOObgAp+NOObgAp+EN25yjSFhfWb6xM6aktmHaRNq5LpG1l30M/2bf:xJbgAp+NJbgAp+86ZFhfWb6xM67tgYNc
                                                                                                                                                                                                                                                                                      MD5:5A948EDE8668886E0B36D826B003FD65
                                                                                                                                                                                                                                                                                      SHA1:4331675533AD26C5B37E53FD73CE083CF02B1118
                                                                                                                                                                                                                                                                                      SHA-256:09DE66DF793888EF372A9EB9581086D98F0E8B64539486795AB54250B8E840BA
                                                                                                                                                                                                                                                                                      SHA-512:B14ED3262493E90279B27145A7CA9737F49C1451FED743D496F628D19999820516F02849728BC54A1ABF79D12CD18DC4172E04AD63430D349E472017439FBBE4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....&.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:46:06.....................................................................................&.(................................%........H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..I%)$.IJN....6wm.$~t&I%(.@.....Ve.2.c2.....Hk..?;.$.R.Iju\,zzgG.....=.....Z..c.F....wcz{.R<n...121(........e..n..#k.z@.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames08.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:46:18], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):123333
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.805178019519202
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:grxFrxZNoLcSOsSbQCRNk3flgLZARjagzb7QYFiQl9Ufl1bTykswvSYjq:grbrlo9OspWNkvd8gkY/9Ud1Pykswq5
                                                                                                                                                                                                                                                                                      MD5:27F0B6828EA443F53563587B11964625
                                                                                                                                                                                                                                                                                      SHA1:E95F3D1AA037EC92B15AADD9AE00FCD8EBF68417
                                                                                                                                                                                                                                                                                      SHA-256:CA0DF2F628CE3E19F10614BCE7D870E65EA973134E8C9CFD94412CB3AEA828A5
                                                                                                                                                                                                                                                                                      SHA-512:5E591C036C3B9C4A99EE7F99E8FFBCCD2CFD97741054FFFD1E954C265162FFFBC09A8FF7612F42F1FEB7092ABCB34BCDA2C295E0FA9F43C53A2EFF432555E685
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H..../.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:46:18.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..r...l..^.....:..u".u5.{.h..........X./..&.....=.Y.n....o.~...#.Gb0...9...)....V....#...l'eb............>.s.....Y.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames09.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:46:32], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):102784
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.772868008746402
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:NSwuiS+2TUiSwuiS+2TUWNn8PSv2Q80P1tb3S5J7/oQWnxLBpExdxkDjp63ZZqtz:2iTHiTK92aPDTs/obLBGzGUqtz
                                                                                                                                                                                                                                                                                      MD5:979A5C2157731DA24C854E7EB59E81DD
                                                                                                                                                                                                                                                                                      SHA1:6CE3096EFE86F85FA02CA2FF9C391AB62EB8C4C7
                                                                                                                                                                                                                                                                                      SHA-256:ED0379E33184D4AC09563B3051787F95B14C3E3771369D412F852673D543B89F
                                                                                                                                                                                                                                                                                      SHA-512:FB207D82D86762B5DEB1361018FFAE5D50BF135EFD1BB9CF3BC8C0A0742E4E1A2DF49756CB187E5C6D5D86476C4C5585806C271ED076BC4A036120D67E7E7EC4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....+TExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:46:32.....................................................................................&.(................................*........H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......{.-..Z......mpw.c?9......gD..WP....Si......2...EV5.4_M._]..5.O._...............v.+....[k..e.x.a`..?.\v...%.;..

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames10.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:46:49], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):99359
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.771962467759407
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:R7SZpB7SZpaNISkhsmVA4F9lEug3Gsb9IiQzg4R4Fo7:R7SZD7SZ4CPA4FOG1zg4R4Fo7
                                                                                                                                                                                                                                                                                      MD5:34D61FD0DD316D439DA786D02B22ACBE
                                                                                                                                                                                                                                                                                      SHA1:8A31DCA5F716EC68AC91D0245081268BCD399A0E
                                                                                                                                                                                                                                                                                      SHA-256:ABD0F71B6E0C634B2900516B3BADE1F754F19394111E7D192101598AB450E8DE
                                                                                                                                                                                                                                                                                      SHA-512:FB340DAC6664040AA361E9652505347B96410BB398286E82BF15AED45BD51B38FF990E12936FE51845C2AA814BBCB6BDF2C1F9FB99EDA2D9006D0B3C2A143F5E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....(yExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:46:49.....................................................................................&.(................................'C.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......qt6.%..?E...W..5.k.....Mckm...m-.}........5f_.}'....1v.U0:G^.......;$....m`..S:i.M.......'.......UJ........r...

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames11.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:47:10], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):118970
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.815639545614297
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:f6EcmWn6EcmWN1Ewvkn9+ibqZL+Vwz/Rmyd+E06/V:f6Ek6EUE4akfo69
                                                                                                                                                                                                                                                                                      MD5:99CFCD4ACE6967DB788B88FA20035ED5
                                                                                                                                                                                                                                                                                      SHA1:13146929CE65C6AB20E989E7CAAEC1C9BC120760
                                                                                                                                                                                                                                                                                      SHA-256:EB1AA05FF6E616345CB25D4D4B888E416A193341A255F3855C259D75C9237C68
                                                                                                                                                                                                                                                                                      SHA-512:8272DCF76A124A9468A5F23E6C7D805E47355B1801E1A9C10DA328AF5ADBA536E478B54585AD6C4D976E154E5531DAE4720CA7CA4A020AB7C94D49E888538CB1
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....1.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:47:10.....................................................................................&.(................................0d.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...OD~[..^ki9.4.../...&.].....d6.K...<.....6.e...}..e.o.........U...-.....z?Mt.U..ct..N..l....\.........-U....g...O...

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames12.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:47:34], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):95695
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.7550616364323535
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:YbmuIFpCtOPbmuIFpCtO2NVTJDIRScFV1VKMg2TIa7weDL6GOrfJgfDXI42dPRZ:lFpc5FpcjVJcFVBRlweDLxOrBd42dPH
                                                                                                                                                                                                                                                                                      MD5:7E75EFED16FE95F8F87884C902B51F5A
                                                                                                                                                                                                                                                                                      SHA1:4F4C0E15F4E5A96A8F4DAA2D79CBAD90BE00C586
                                                                                                                                                                                                                                                                                      SHA-256:F78DBD8D8A33273E0E7818B77C4A99363B0972E4ABFA425806B9741A595F72AD
                                                                                                                                                                                                                                                                                      SHA-512:353F2EF09D0EBC4BA6C318CD1F074A4AF6AF3CC48FE9BEACFAF17A946F9C7DB20FE7184E7AA44DD1D8BCE474160DCC5857EC68A8E3A9809929EF0167CAC1FA9E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....).Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:47:34.....................................................................................&.(................................(........H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..>.et.,...a.;..{q..==....V.7u..~..M.\..j....*...h...wY.X.z....Z.F.........O......<.....qj Y}....kw<.7s..o.{.....[.....

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames13.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:47:49], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):107711
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.7934075099036955
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:E/mO/m0bQTtZ7XVKwTdSMjsL3dZNvz7q2:6mEm5ZbItrdXz
                                                                                                                                                                                                                                                                                      MD5:1CBDDB514EC3852DEAEB1F1C57A5B8FF
                                                                                                                                                                                                                                                                                      SHA1:2A07261478556E28861CE92FBDAC183083E69641
                                                                                                                                                                                                                                                                                      SHA-256:16C3FA28B178D84CE08E818BF7140D5FD0CDE6A62C97A986A567BDD3D710D827
                                                                                                                                                                                                                                                                                      SHA-512:FD1C3D70D3D17B00DC2B8598F62ACEF7206084BC1F2D3B33B9C9723A835EED4C3F774F1508CAD6B980E5247AB53577900D1E99AAA7227A0F8F873FC09A972246
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....*.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:47:49.....................................................................................&.(................................)........H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.o.=7=.....e..i9v.{....l..YN6..........l|.C..K7....n.../}XVfY.p..g....N..:.S.].#.....~....R.n.1..u+...c.M...o../..n#r

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames14.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:48:02], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):78596
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.696195286103881
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:i8+r8+CNPa3NVESeufeL8gCDAzeSYyjyukpv:/+g+mKNVYqeQgt6SYyK
                                                                                                                                                                                                                                                                                      MD5:5A1A5DB41277D37CEE083B12BE423BBE
                                                                                                                                                                                                                                                                                      SHA1:7D4E2A746D7B365B62450CCFAAD125DA80714B66
                                                                                                                                                                                                                                                                                      SHA-256:E178BBF24479B81CF6A7FA3F74649E1B922C5E621FA0448B03791FA14714B742
                                                                                                                                                                                                                                                                                      SHA-512:1AFC2727C40B0E2A0ABA564AC1E93F6E594A2ACEDE28999878EEF196428E1DAADEAB3601FFE2D802F704B0AAEF4B58E3FD52E2584D602B7E5B6C7DF5EEA2949B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....!.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:48:02.....................................................................................&.(................................ q.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....[2.mUY.:.w..s.y.`-..#...S.6.dbU......Z..r=\..0....\.4..j.....'..Un..[...yw...:.o...]......,.~.}i..1..Z..s=,.r...W..h.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames15.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:48:14], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):77267
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.685856680638549
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:kjuptjupeNz56osLeBc81wR1cjUOEux9/LF+a55:guHuozeLeBc8MsEuxFFj55
                                                                                                                                                                                                                                                                                      MD5:E73E5283FF4F9C2D9FEB8193C010E055
                                                                                                                                                                                                                                                                                      SHA1:621C88868128410058110FBBF6561B38424D8B4C
                                                                                                                                                                                                                                                                                      SHA-256:A652063FD3B109F23A0652EDF254115747EB2BD692058412228BA814E9762F2A
                                                                                                                                                                                                                                                                                      SHA-512:6DBF103BF1C1365E444B4DBC3E6D1949C4EB9EB2788CC4FC64F2596457C2671BCAD53D3A51994D4AD38D3B4FC9CF959813D2EB8C9FC215FCA1A170699E9B28B9
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:48:14.....................................................................................&.(.................................c.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..}=7......*.S......k.w>...Z............5...f....>.........ul..X.u{.7...Lc.5}.......g..~....R..N..2.u45..h..`.......^.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames20.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 18:07:17], baseline, precision 8, 512x512, components 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):26583
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.926048823421124
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:xJUbizGUbiz77MWm9ABe+K48RzU25fjYTjLgjB:UCwm9As+KDUOIjLgF
                                                                                                                                                                                                                                                                                      MD5:C7A711B97446C16527E67EFF900BCD56
                                                                                                                                                                                                                                                                                      SHA1:D9F05340AE71604A024FBB8FC0977828FCF3B71F
                                                                                                                                                                                                                                                                                      SHA-256:014541A89758490B0FB7DD09AF530115568BF8E48824CA7710E402389DD7901E
                                                                                                                                                                                                                                                                                      SHA-512:EA978157C44723166AEE1AEA84FC2A4225124CC82501E64A5BC41F7F24416E7E09241A7AC02E8339430E7691884F283AB3414E234DBBA3908E03A89D1AC28F23
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 18:07:17.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..gS.I$...I$.$.........U...l.$2...Y.c.G....%3...[..d.8.2....^..16.....~.k.z....M....2...?f....o..?..?.....t....WO...

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames21.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 18:18:32], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):37368
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.0978365942082675
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:675/KCubOH5/KCubOq7guaJjz1QuNYNg7ynOagNdPR4+ufIrFVrbnkHr:67DueDul7gpNYyrBNj44VrbkHr
                                                                                                                                                                                                                                                                                      MD5:BD8E50188E3CC95D722B5D2AD27C3802
                                                                                                                                                                                                                                                                                      SHA1:065D9924AAE064B6471B719D0E25B3E02E32F620
                                                                                                                                                                                                                                                                                      SHA-256:8967E678BAFD94B6471B2129207DDFC32EBCDAEED6C649E1C91C2E30BB8ADB3C
                                                                                                                                                                                                                                                                                      SHA-512:EDE55C3FA6516F26F984C76029FFFBCACCA9E06E8BE425FF5E9AB4FEFF9A4C3E0880F2D6AA28371701C4206D7BCBC8F8409DBE15876E03699083A97893D0D1B0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H.....uExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 18:18:32.....................................................................................&.(.................................?.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..I%)$.IJI%..?.o...:.f5p........W.....%2...+..h...`ck..W.....Z..v.c.....W...[.}Z.n/S..P.S}guV...+!.C..{Yk?s.....oM

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames22.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 18:18:45], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):39182
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.1752689838491115
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:gaF3Ix8F3IxF7sualjz1EJNYNg7yQQteLfk66qG+poQxohsJEpdQ6Vi:gs3ym3yF7sSNYyH+6zvMi4/Vi
                                                                                                                                                                                                                                                                                      MD5:5E596EA60CF91D7D9B2F546D4F6F7E2B
                                                                                                                                                                                                                                                                                      SHA1:6A5622E1458F76AB79ED1CCCF409FF2E9FAAD699
                                                                                                                                                                                                                                                                                      SHA-256:DD65ED2CBB7B6AA19CE9AD6C1944DF5CB974EFD2D99B2C1F6DA935DDABF17CA4
                                                                                                                                                                                                                                                                                      SHA-512:3EBD3E5E7491DBFE6229FD7CB9EDB65DC67698887EDB05CFCD2BCED68BC63BB9716F7EF6C98B123C1BE61E754BCB86067097AB12965263DA06E39CCE5AB6CCEE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H.....@Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 18:18:45.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..I%)$..t?.A.:.H..;..A.c-.1....w.>..cZ~.+..1%>~........b..X....n.!...p....zx......[.U._.3H-$..hAIJI$.R.J.O`.JRK.......g

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames23.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 18:28:44], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):72922
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.686032543026749
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:TH3Wk6E5xM9H3Wk6E5xM7N8LmzUq0UyCWqf6LFnrJ4njQi:7G65xM9G65xMR/zU9UW/LxJ4njR
                                                                                                                                                                                                                                                                                      MD5:72ADC589F21E81D39D3E664FB747CB72
                                                                                                                                                                                                                                                                                      SHA1:2D72636674197C994C836ADEC4E37220897618ED
                                                                                                                                                                                                                                                                                      SHA-256:A603803422F7454475498BA6E265F49CCF691862227CE5D9A343678697290F43
                                                                                                                                                                                                                                                                                      SHA-512:094B79613C93D27E48B92BB84540924B28982E0E50CD191A54B56E10CC94535A372089C0EE3F813069FAD799D66F5548646A8A3CEA769CCF2E70932E339BB698
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 18:28:44.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.I%)$.IJI$.R.I$...;H....O.D.6V....hs.!.:..Jk?.`.N..6........`dz..N.....A......_U0...q....CX=.;k...W{^....vP..._.}>..

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames24.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 18:34:33], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):64614
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.615347980384966
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:DxiP+AiP+h7onNYy2eKdu2PTM7gwyZFSXRwYjXC5MkhrGYgpai6JxNK:tiPZiP1NEdrPT6z1jYrEv4NK
                                                                                                                                                                                                                                                                                      MD5:607D3635385954384C52D728A87427E4
                                                                                                                                                                                                                                                                                      SHA1:EDC78814A58A283306DAA877E40AEB95BA5B195D
                                                                                                                                                                                                                                                                                      SHA-256:A4514138AB12BC82AC3359093518087E6AA2E84013E250655A28A9C9109D38D6
                                                                                                                                                                                                                                                                                      SHA-512:6C29C7BBB2A65124A87F8E1CFC6DB891BFFC799FD14E6CC561ED9B96BEFF8E0FF9E2E81D4B79D5FFB5A9ABB0F084FE45036106119BFFE6CA55384D0EBF2831EE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H.....]Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 18:34:33.....................................................................................&.(.................................'.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.I%).'...};......{.....HY=Pu.....-....Z...Kv.......&6...IM..U}m..9 ....d.m..m.....>...Y.X.9.Q..a..e.4.......7..o.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames25.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 18:42:07], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):55400
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.5133881155584215
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:8Ly85anJy85anq7FNNYy6muHJpiSxTceZZyUTNjQs4ajZ1kkZ44SIFohmeZ:1nunmNWmuviSxTpr74ajtbSMoB
                                                                                                                                                                                                                                                                                      MD5:8C253BF20D9C04C3BF49428958A3042C
                                                                                                                                                                                                                                                                                      SHA1:B749B25EE2572BAF360EF338C88CB5C01DE923C0
                                                                                                                                                                                                                                                                                      SHA-256:1AF2719C7E467224DAB7EDF2D4A3C3CFE753FE2E31A7EAE319596B7224514D19
                                                                                                                                                                                                                                                                                      SHA-512:2A128DB927EAE803E5F5A563209153DB19970A211421B6D5F896DCDD7F3D77B4ADC142400D1F2CD0E54981687D0A55C88F8C7F245B08CE863890AD99999E1F68
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 18:42:07.....................................................................................&.(.................................u.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.I%)$.IJI$.R.I$.....:.P.~...7...j......]_..Kss...A.ama.Ck~K.W}..W.P..?..J.m..FS..uW]e............../."Jz...../1.'..E._..+

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames26.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:25 09:57:46], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):60069
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.597622891462506
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:LyBOyBXNDqfIMPdoDHkI1SjgwsQuQ560gF:LyMyjuQIal+gwsfQEd
                                                                                                                                                                                                                                                                                      MD5:D1545AB33623AF2EB23F26E70DE28C1A
                                                                                                                                                                                                                                                                                      SHA1:D4FCC3C813405FC096586420ADFDDE976F5EA9DD
                                                                                                                                                                                                                                                                                      SHA-256:65A2802636C59DA02A0B8B513658C7795DB98EBE594E7A27BB2030704B904572
                                                                                                                                                                                                                                                                                      SHA-512:ECA0EE65AF51B5FE1AFCA2DD48306358F50997CCC57430CD01E7988896827776708EBAE4EA01BC51DA1AD34CCD3D559298F8E5693E44470AD5951AB909F3CDE8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:25 09:57:46.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.I%)$.??.b`S....j..HG.X....!..S}.kZ\..n......^.I'@.....>..n.l.}.0I.6.A..m.o..s.....4?.W..~!. 1...\.k..m^.z.k...?...y4Z

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames27.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "Comment", baseline, precision 8, 600x800, components 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):46178
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.87960925426993
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:uSNvpE7g9YATaA9oeVqH47/ToiMqxnPZvVWe+1kDCLSQEeUxMV2kNV2P:uepkcYAZoeVqH47boijnx5HeLaxiC
                                                                                                                                                                                                                                                                                      MD5:280BB37702A48A3B848495B29C0EAA6B
                                                                                                                                                                                                                                                                                      SHA1:E625597FD90AE1E1E8C81178C251FE605D50F300
                                                                                                                                                                                                                                                                                      SHA-256:BE048EAC3373B38C59973D550E12D6D6B718C1C58B019D6AD02D19AA4CAE4E0C
                                                                                                                                                                                                                                                                                      SHA-512:E71CF46428188EF42D3A630B95E61B49AD561DBB3D93F80ECF8826F98061007D4492372C6767C879999034E205E5F0F543C2554C7843E707042EF922CAB28E0A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Comment.....C....................................................................... .X.........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.................................................................................?.....(.G.Hp.5di.yl.HU.qU.L;Sv.z[.....+[H.T.D`.......}*.........\g.YT..V#.%M..0...D.pF..>.Y...)8.WF.tW!..*.....u ...)(..[i771..l#.w......E..M?.n...S*[{g.b.2E_O._.3..'......-..7..H...*GZJ....pz.E(RA=..h.})0}).&#8.`.QEX....q.IU.qP0..u.%.R..8.4:...)(....(..i.".(.h....M!...(....r!f....C..C../.zF..$.m^.A*...{.|..W..O.:........$...r..q.....dW)6.,2.?.u~..._.B....L.....5o.R...#D@U...1t..F.u^.....-.a..........^xi[..a9.../.x1.?...F.gbX.>C..zW).......<..._jP..1.i..6....."2.;.8.;..v..+...8'..._.[5..(?.zW.x.JQ.?..L.+......*..'..\....D....8.]._..ukx...FF?{`..^./...h.a.....c...#..ku.*.lu...S......3...;....V>(.U.......>....R.'........lt

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames28.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:25 10:05:53], baseline, precision 8, 512x512, components 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):70818
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.768792561962233
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:c4346O2U24U6eXNh4MJNzyoYwkTWUdYUlgVA:bIX294PeoMJNzy+kTWUdYUuS
                                                                                                                                                                                                                                                                                      MD5:4C3FEB701B55AC8CF6A469C675B86ABD
                                                                                                                                                                                                                                                                                      SHA1:31B320C356ED5DA383FD75A9110FC1B6D644AE77
                                                                                                                                                                                                                                                                                      SHA-256:E68F7617B16AD5D7898D24723CC24A775E22CC6D90F4EA1E7926EA1B4042CF23
                                                                                                                                                                                                                                                                                      SHA-512:3DC946A1A8723A46BC7EAE0180A97539617BBF83208E0195DE000E778E6718DB2FCEEC3F781D74CC45DE7E65EED53AB104CC64FAEDB03280A2526E77BB661B38
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:25 10:05:53.....................................................................................&.(.................................r.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..:U.%.V.....u..h.w.....e..I....h./..r.......vW..X....[..6.}..Y.M....U6W.e...G....]]n...5..X..Q.......s?.zu..........M...

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames29.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:25 10:08:06], baseline, precision 8, 512x512, components 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):83175
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.771716718739004
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:T67BgkPr67BgkPxFoGwlsDose7WFqredB87Ts3+q0IPItWWKN+6cNjGA4ud:WBgjBgco87gWFqSdvzFA0e6c5lTd
                                                                                                                                                                                                                                                                                      MD5:7C3D6396F93C099B16C3F957B52D4182
                                                                                                                                                                                                                                                                                      SHA1:7F574D6E3344DCA44B5B9B50BBA519D760E73FDB
                                                                                                                                                                                                                                                                                      SHA-256:B0A9A94E0524D2193F2EC6804C365E12373782E4F4C671C3A2C0371B8365A337
                                                                                                                                                                                                                                                                                      SHA-512:BC3A22C1857B34E656348388A3F8E26A29A19801779EACE88C9EB5FC6528932DD4971492079F5306BAA714413C8E790C83CC47C9807DCCEC44DB75B1AB0AACF9
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....".Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:25 10:08:06.....................................................................................&.(................................!Z.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..h...9.2.y..>..w...F.].=.....&6.v........P...rG.v......g.?.H..)..}2.u.0.7..X.cq.E......_..m.z.z.g...=E.}K...^..a.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\Frames30.jpg (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:25 10:09:19], baseline, precision 8, 512x512, components 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):50525
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.639039260244962
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:eRrjfGf5CjqrrjfGf5Cjqp7QgaUv4cqFhddH40ub/5oHhdtUQHEG88bKwhgQo:krnsrnKTgFhLY5edmQHLmwhgp
                                                                                                                                                                                                                                                                                      MD5:4CF1F39751039CF6508947193E84BF3E
                                                                                                                                                                                                                                                                                      SHA1:95094CDF9E661AFDDD0997FC20F7800D3DA6E457
                                                                                                                                                                                                                                                                                      SHA-256:4031CE539626A0E349A84F6D8FBA4486A69ECC54DC6B27B343A856B500142D90
                                                                                                                                                                                                                                                                                      SHA-512:46574DFCE31EE9B55F72F3BAAA067772D8E90F6AF2413470EFB30C3DC1B4AF6D9504443F602FF0839C1C6FFFBA4E7A8492E8014589E9D7735D1CD3FB715EE565
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:25 10:09:19.....................................................................................&.(.................................].......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...gNvu...:64......m...pi._...Ko..?1K....;:.....{!..a.V+.{....'.-v..L.<.w..P.........=.).[.H....@..#...R=.j.#.".....l.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-18VQ3.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:45:12], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):109385
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.7871347758187675
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:b2LeS2LeXMHsRjw+rm2wDezQ0yUTTXB8jiPD:b2LeS2LeUsR0+qxDeEqf6iL
                                                                                                                                                                                                                                                                                      MD5:0824FEC01DC90C1B824D4F9627D917D0
                                                                                                                                                                                                                                                                                      SHA1:E8A04138C6811A1F7947005F4F07B06D37E7924B
                                                                                                                                                                                                                                                                                      SHA-256:124C98559A291DBD9C8233C01209B769BEA513E45F898569DA47A427F694FF06
                                                                                                                                                                                                                                                                                      SHA-512:7503BA02EBFE62150E6167DA0F8554B2927939D2B2BE46F71AC5D883136FD1C6EE055B6B6C7656541C9436151ADF4E7E4F98A0ABDB1702F397C0C4B0CE736ED0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....1.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:45:12.....................................................................................&.(................................/........H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?........k.....f..o{...}..o%.R......Y.k.....4..B.Z6e.........0r..1.k.c=g..A...*..G..(.x5.{...f(m..=.8;m.im-;.}{..S[..#..).

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-5CC1Q.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:46:32], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):102784
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.772868008746402
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:NSwuiS+2TUiSwuiS+2TUWNn8PSv2Q80P1tb3S5J7/oQWnxLBpExdxkDjp63ZZqtz:2iTHiTK92aPDTs/obLBGzGUqtz
                                                                                                                                                                                                                                                                                      MD5:979A5C2157731DA24C854E7EB59E81DD
                                                                                                                                                                                                                                                                                      SHA1:6CE3096EFE86F85FA02CA2FF9C391AB62EB8C4C7
                                                                                                                                                                                                                                                                                      SHA-256:ED0379E33184D4AC09563B3051787F95B14C3E3771369D412F852673D543B89F
                                                                                                                                                                                                                                                                                      SHA-512:FB207D82D86762B5DEB1361018FFAE5D50BF135EFD1BB9CF3BC8C0A0742E4E1A2DF49756CB187E5C6D5D86476C4C5585806C271ED076BC4A036120D67E7E7EC4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....+TExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:46:32.....................................................................................&.(................................*........H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......{.-..Z......mpw.c?9......gD..WP....Si......2...EV5.4_M._]..5.O._...............v.+....[k..e.x.a`..?.\v...%.;..

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-5DIFJ.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:45:39], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):102165
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.776500804562673
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:EXOmHXOmCo36f9CSJM9HN/88QPwj1YVZ88wPL4r:27A9xge7ZvwD8
                                                                                                                                                                                                                                                                                      MD5:3AAA3F424097316D8CA6F07F4B2C179B
                                                                                                                                                                                                                                                                                      SHA1:E4E469493B67ABA0FBAFAD5E6696635298B16722
                                                                                                                                                                                                                                                                                      SHA-256:22D1952DD2D066BE4553AB4FD020773D7CC2FF44441CF6D20F9D01A55F67AE03
                                                                                                                                                                                                                                                                                      SHA-512:D990F8D4F4D0B893EA9C7A9478A6C9C3B87919F8902CFBC01E62BCBD2919267386229CD876CAAAA54D180B3AA601D502F73482C4CD180FC3F8B8252B9356FC72
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....+.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:45:39.....................................................................................&.(................................*o.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H....(.*....m...1.cT...+.c.o.g..B...d3......o.....ZbW.0......YA...2..l~E..;..w...i.....]......1:M.U..~.j........c

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-6NSM5.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 18:28:44], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):72922
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.686032543026749
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:TH3Wk6E5xM9H3Wk6E5xM7N8LmzUq0UyCWqf6LFnrJ4njQi:7G65xM9G65xMR/zU9UW/LxJ4njR
                                                                                                                                                                                                                                                                                      MD5:72ADC589F21E81D39D3E664FB747CB72
                                                                                                                                                                                                                                                                                      SHA1:2D72636674197C994C836ADEC4E37220897618ED
                                                                                                                                                                                                                                                                                      SHA-256:A603803422F7454475498BA6E265F49CCF691862227CE5D9A343678697290F43
                                                                                                                                                                                                                                                                                      SHA-512:094B79613C93D27E48B92BB84540924B28982E0E50CD191A54B56E10CC94535A372089C0EE3F813069FAD799D66F5548646A8A3CEA769CCF2E70932E339BB698
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 18:28:44.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.I%)$.IJI$.R.I$...;H....O.D.6V....hs.!.:..Jk?.`.N..6........`dz..N.....A......_U0...q....CX=.;k...W{^....vP..._.}>..

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-9IMPU.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:44:58], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):115103
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.802344482607245
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:rSnSwC3HQHfjWnlp2RvQjVRIE4MIzqNQf8:73w/jWlC4BM3z2QE
                                                                                                                                                                                                                                                                                      MD5:69E152A52E92449CF4DF3CEE89AAA1E2
                                                                                                                                                                                                                                                                                      SHA1:DC23017E30AB56049D3BE01EE6FC28E647C9B4E8
                                                                                                                                                                                                                                                                                      SHA-256:AB31E7D9F48E2B954EC05AA13738F3868927DC84C524A0BE0A0914C4654C5829
                                                                                                                                                                                                                                                                                      SHA-512:B3CBD068A193ABEBE01A99019A083F8E980F0AC14191903828822B16D272B9E24FFB8E4D546AE08EEB18446C7C9455950A4B5B3694085BE0A6EEF2E7A2F24FE4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....0{Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:44:58.....................................................................................&.(................................/E.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...F3.e.?3.u.]...a<;!.s......../P.V.J.....I..1..7..Vcz8....V=<f.M...E.~^...........+...y`.....`...~KDbg..W.V{2...f...

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-AHR28.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:46:49], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):99359
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.771962467759407
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:R7SZpB7SZpaNISkhsmVA4F9lEug3Gsb9IiQzg4R4Fo7:R7SZD7SZ4CPA4FOG1zg4R4Fo7
                                                                                                                                                                                                                                                                                      MD5:34D61FD0DD316D439DA786D02B22ACBE
                                                                                                                                                                                                                                                                                      SHA1:8A31DCA5F716EC68AC91D0245081268BCD399A0E
                                                                                                                                                                                                                                                                                      SHA-256:ABD0F71B6E0C634B2900516B3BADE1F754F19394111E7D192101598AB450E8DE
                                                                                                                                                                                                                                                                                      SHA-512:FB340DAC6664040AA361E9652505347B96410BB398286E82BF15AED45BD51B38FF990E12936FE51845C2AA814BBCB6BDF2C1F9FB99EDA2D9006D0B3C2A143F5E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....(yExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:46:49.....................................................................................&.(................................'C.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......qt6.%..?E...W..5.k.....Mckm...m-.}........5f_.}'....1v.U0:G^.......;$....m`..S:i.M.......'.......UJ........r...

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-B6LQI.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:46:18], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):123333
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.805178019519202
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:grxFrxZNoLcSOsSbQCRNk3flgLZARjagzb7QYFiQl9Ufl1bTykswvSYjq:grbrlo9OspWNkvd8gkY/9Ud1Pykswq5
                                                                                                                                                                                                                                                                                      MD5:27F0B6828EA443F53563587B11964625
                                                                                                                                                                                                                                                                                      SHA1:E95F3D1AA037EC92B15AADD9AE00FCD8EBF68417
                                                                                                                                                                                                                                                                                      SHA-256:CA0DF2F628CE3E19F10614BCE7D870E65EA973134E8C9CFD94412CB3AEA828A5
                                                                                                                                                                                                                                                                                      SHA-512:5E591C036C3B9C4A99EE7F99E8FFBCCD2CFD97741054FFFD1E954C265162FFFBC09A8FF7612F42F1FEB7092ABCB34BCDA2C295E0FA9F43C53A2EFF432555E685
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H..../.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:46:18.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..r...l..^.....:..u".u5.{.h..........X./..&.....=.Y.n....o.~...#.Gb0...9...)....V....#...l'eb............>.s.....Y.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-C7T6I.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "Comment", baseline, precision 8, 600x800, components 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):46178
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.87960925426993
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:uSNvpE7g9YATaA9oeVqH47/ToiMqxnPZvVWe+1kDCLSQEeUxMV2kNV2P:uepkcYAZoeVqH47boijnx5HeLaxiC
                                                                                                                                                                                                                                                                                      MD5:280BB37702A48A3B848495B29C0EAA6B
                                                                                                                                                                                                                                                                                      SHA1:E625597FD90AE1E1E8C81178C251FE605D50F300
                                                                                                                                                                                                                                                                                      SHA-256:BE048EAC3373B38C59973D550E12D6D6B718C1C58B019D6AD02D19AA4CAE4E0C
                                                                                                                                                                                                                                                                                      SHA-512:E71CF46428188EF42D3A630B95E61B49AD561DBB3D93F80ECF8826F98061007D4492372C6767C879999034E205E5F0F543C2554C7843E707042EF922CAB28E0A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Comment.....C....................................................................... .X.........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.................................................................................?.....(.G.Hp.5di.yl.HU.qU.L;Sv.z[.....+[H.T.D`.......}*.........\g.YT..V#.%M..0...D.pF..>.Y...)8.WF.tW!..*.....u ...)(..[i771..l#.w......E..M?.n...S*[{g.b.2E_O._.3..'......-..7..H...*GZJ....pz.E(RA=..h.})0}).&#8.`.QEX....q.IU.qP0..u.%.R..8.4:...)(....(..i.".(.h....M!...(....r!f....C..C../.zF..$.m^.A*...{.|..W..O.:........$...r..q.....dW)6.,2.?.u~..._.B....L.....5o.R...#D@U...1t..F.u^.....-.a..........^xi[..a9.../.x1.?...F.gbX.>C..zW).......<..._jP..1.i..6....."2.;.8.;..v..+...8'..._.[5..(?.zW.x.JQ.?..L.+......*..'..\....D....8.]._..ukx...FF?{`..^./...h.a.....c...#..ku.*.lu...S......3...;....V>(.U.......>....R.'........lt

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-CEO54.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:45:26], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):65862
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.6064966066236295
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:2CjpKMHBjpKMHV7QFNYy7+AG0kTvhXLzK+D4OEz7e7tw0x0Y5/QqkJztcFMipJcJ:wkykEN+ThXLzNDoz67tNRu3ltcKipJcJ
                                                                                                                                                                                                                                                                                      MD5:603ACEDAF17B7128A6FABFD517519EF6
                                                                                                                                                                                                                                                                                      SHA1:19FC76D105F378DFE2499935EFBD2D236105CCE5
                                                                                                                                                                                                                                                                                      SHA-256:3C4FFE73FE221D58F350543101608279184FCBD52C867C072722F8F3A9FA8182
                                                                                                                                                                                                                                                                                      SHA-512:44960F5A54F73081AAAD03D9CFEBE2458B79F6F32DACD149ADE27B9896DEFF04EEEDFEF1D1ED239A7706A726019F75BD22CFAC32B4A8594BB27E22E70035FA33
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H.....TExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:45:26.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..I%)$...{......h.I>.%,..~.}B......<oK......]G....Yw..?C]......=e.#?..c.......X.F...IO.........U..Y.7'5...dz.o.-v....zO.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-D8N19.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:47:34], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):95695
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.7550616364323535
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:YbmuIFpCtOPbmuIFpCtO2NVTJDIRScFV1VKMg2TIa7weDL6GOrfJgfDXI42dPRZ:lFpc5FpcjVJcFVBRlweDLxOrBd42dPH
                                                                                                                                                                                                                                                                                      MD5:7E75EFED16FE95F8F87884C902B51F5A
                                                                                                                                                                                                                                                                                      SHA1:4F4C0E15F4E5A96A8F4DAA2D79CBAD90BE00C586
                                                                                                                                                                                                                                                                                      SHA-256:F78DBD8D8A33273E0E7818B77C4A99363B0972E4ABFA425806B9741A595F72AD
                                                                                                                                                                                                                                                                                      SHA-512:353F2EF09D0EBC4BA6C318CD1F074A4AF6AF3CC48FE9BEACFAF17A946F9C7DB20FE7184E7AA44DD1D8BCE474160DCC5857EC68A8E3A9809929EF0167CAC1FA9E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....).Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:47:34.....................................................................................&.(................................(........H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..>.et.,...a.;..{q..==....V.7u..~..M.\..j....*...h...wY.X.z....Z.F.........O......<.....qj Y}....kw<.7s..o.{.....[.....

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-DQK5E.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 18:42:07], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):55400
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.5133881155584215
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:8Ly85anJy85anq7FNNYy6muHJpiSxTceZZyUTNjQs4ajZ1kkZ44SIFohmeZ:1nunmNWmuviSxTpr74ajtbSMoB
                                                                                                                                                                                                                                                                                      MD5:8C253BF20D9C04C3BF49428958A3042C
                                                                                                                                                                                                                                                                                      SHA1:B749B25EE2572BAF360EF338C88CB5C01DE923C0
                                                                                                                                                                                                                                                                                      SHA-256:1AF2719C7E467224DAB7EDF2D4A3C3CFE753FE2E31A7EAE319596B7224514D19
                                                                                                                                                                                                                                                                                      SHA-512:2A128DB927EAE803E5F5A563209153DB19970A211421B6D5F896DCDD7F3D77B4ADC142400D1F2CD0E54981687D0A55C88F8C7F245B08CE863890AD99999E1F68
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 18:42:07.....................................................................................&.(.................................u.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.I%)$.IJI$.R.I$.....:.P.~...7...j......]_..Kss...A.ama.Ck~K.W}..W.P..?..J.m..FS..uW]e............../."Jz...../1.'..E._..+

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-FD145.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:45:51], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):75639
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.682170198725773
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:SakZIuHXqakZIuHXCN7VpAggbApP92tq6IsuflQkeE15qYglT0p6z1:cf3kf3mEgyAn2tmlQkeE15/rp6z1
                                                                                                                                                                                                                                                                                      MD5:E9D504BE4FF52626F78393F4225D4A78
                                                                                                                                                                                                                                                                                      SHA1:256AE26994ABA7F77370A775038F35992E06F024
                                                                                                                                                                                                                                                                                      SHA-256:8A3330DEF05CB70432819C6500BC2A48D9F31FF547A2DB914A88C518B5F57D01
                                                                                                                                                                                                                                                                                      SHA-512:B9AFF314FE54AC677A0A01E287A7EF90A4B1F12EB5DCA0333ADD4E3ED32FE8AD1B9387830238450F6DD856CD3CEB79346D7C41A58AAEEBFF987DC060B5C9DC93
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....!.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:45:51.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..j:.~0.......?8...9.{..m......k.Z.=....I...n......n.D.-.....d...".;.}..eU...............S.....x..b..#.?..\.+X....

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-FUDHN.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:47:10], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):118970
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.815639545614297
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:f6EcmWn6EcmWN1Ewvkn9+ibqZL+Vwz/Rmyd+E06/V:f6Ek6EUE4akfo69
                                                                                                                                                                                                                                                                                      MD5:99CFCD4ACE6967DB788B88FA20035ED5
                                                                                                                                                                                                                                                                                      SHA1:13146929CE65C6AB20E989E7CAAEC1C9BC120760
                                                                                                                                                                                                                                                                                      SHA-256:EB1AA05FF6E616345CB25D4D4B888E416A193341A255F3855C259D75C9237C68
                                                                                                                                                                                                                                                                                      SHA-512:8272DCF76A124A9468A5F23E6C7D805E47355B1801E1A9C10DA328AF5ADBA536E478B54585AD6C4D976E154E5531DAE4720CA7CA4A020AB7C94D49E888538CB1
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....1.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:47:10.....................................................................................&.(................................0d.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...OD~[..^ki9.4.../...&.].....d6.K...<.....6.e...}..e.o.........U...-.....z?Mt.U..ct..N..l....\.........-U....g...O...

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-GK2D5.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 18:18:45], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):39182
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.1752689838491115
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:gaF3Ix8F3IxF7sualjz1EJNYNg7yQQteLfk66qG+poQxohsJEpdQ6Vi:gs3ym3yF7sSNYyH+6zvMi4/Vi
                                                                                                                                                                                                                                                                                      MD5:5E596EA60CF91D7D9B2F546D4F6F7E2B
                                                                                                                                                                                                                                                                                      SHA1:6A5622E1458F76AB79ED1CCCF409FF2E9FAAD699
                                                                                                                                                                                                                                                                                      SHA-256:DD65ED2CBB7B6AA19CE9AD6C1944DF5CB974EFD2D99B2C1F6DA935DDABF17CA4
                                                                                                                                                                                                                                                                                      SHA-512:3EBD3E5E7491DBFE6229FD7CB9EDB65DC67698887EDB05CFCD2BCED68BC63BB9716F7EF6C98B123C1BE61E754BCB86067097AB12965263DA06E39CCE5AB6CCEE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H.....@Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 18:18:45.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..I%)$..t?.A.:.H..;..A.c-.1....w.>..cZ~.+..1%>~........b..X....n.!...p....zx......[.U._.3H-$..hAIJI$.R.J.O`.JRK.......g

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-GOHAG.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:25 10:05:53], baseline, precision 8, 512x512, components 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):70818
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.768792561962233
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:c4346O2U24U6eXNh4MJNzyoYwkTWUdYUlgVA:bIX294PeoMJNzy+kTWUdYUuS
                                                                                                                                                                                                                                                                                      MD5:4C3FEB701B55AC8CF6A469C675B86ABD
                                                                                                                                                                                                                                                                                      SHA1:31B320C356ED5DA383FD75A9110FC1B6D644AE77
                                                                                                                                                                                                                                                                                      SHA-256:E68F7617B16AD5D7898D24723CC24A775E22CC6D90F4EA1E7926EA1B4042CF23
                                                                                                                                                                                                                                                                                      SHA-512:3DC946A1A8723A46BC7EAE0180A97539617BBF83208E0195DE000E778E6718DB2FCEEC3F781D74CC45DE7E65EED53AB104CC64FAEDB03280A2526E77BB661B38
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:25 10:05:53.....................................................................................&.(.................................r.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..:U.%.V.....u..h.w.....e..I....h./..r.......vW..X....[..6.}..Y.M....U6W.e...G....]]n...5..X..Q.......s?.zu..........M...

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-HTMTG.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 18:34:33], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):64614
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.615347980384966
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:DxiP+AiP+h7onNYy2eKdu2PTM7gwyZFSXRwYjXC5MkhrGYgpai6JxNK:tiPZiP1NEdrPT6z1jYrEv4NK
                                                                                                                                                                                                                                                                                      MD5:607D3635385954384C52D728A87427E4
                                                                                                                                                                                                                                                                                      SHA1:EDC78814A58A283306DAA877E40AEB95BA5B195D
                                                                                                                                                                                                                                                                                      SHA-256:A4514138AB12BC82AC3359093518087E6AA2E84013E250655A28A9C9109D38D6
                                                                                                                                                                                                                                                                                      SHA-512:6C29C7BBB2A65124A87F8E1CFC6DB891BFFC799FD14E6CC561ED9B96BEFF8E0FF9E2E81D4B79D5FFB5A9ABB0F084FE45036106119BFFE6CA55384D0EBF2831EE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H.....]Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 18:34:33.....................................................................................&.(.................................'.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.I%).'...};......{.....HY=Pu.....-....Z...Kv.......&6...IM..U}m..9 ....d.m..m.....>...Y.X.9.Q..a..e.4.......7..o.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-ICMF0.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 18:07:17], baseline, precision 8, 512x512, components 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):26583
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.926048823421124
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:xJUbizGUbiz77MWm9ABe+K48RzU25fjYTjLgjB:UCwm9As+KDUOIjLgF
                                                                                                                                                                                                                                                                                      MD5:C7A711B97446C16527E67EFF900BCD56
                                                                                                                                                                                                                                                                                      SHA1:D9F05340AE71604A024FBB8FC0977828FCF3B71F
                                                                                                                                                                                                                                                                                      SHA-256:014541A89758490B0FB7DD09AF530115568BF8E48824CA7710E402389DD7901E
                                                                                                                                                                                                                                                                                      SHA-512:EA978157C44723166AEE1AEA84FC2A4225124CC82501E64A5BC41F7F24416E7E09241A7AC02E8339430E7691884F283AB3414E234DBBA3908E03A89D1AC28F23
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 18:07:17.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..gS.I$...I$.$.........U...l.$2...Y.c.G....%3...[..d.8.2....^..16.....~.k.z....M....2...?f....o..?..?.....t....WO...

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-ID9C6.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:46:06], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):89766
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.744983844382692
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:xOObgAp+NOObgAp+EN25yjSFhfWb6xM6aktmHaRNq5LpG1l30M/2bf:xJbgAp+NJbgAp+86ZFhfWb6xM67tgYNc
                                                                                                                                                                                                                                                                                      MD5:5A948EDE8668886E0B36D826B003FD65
                                                                                                                                                                                                                                                                                      SHA1:4331675533AD26C5B37E53FD73CE083CF02B1118
                                                                                                                                                                                                                                                                                      SHA-256:09DE66DF793888EF372A9EB9581086D98F0E8B64539486795AB54250B8E840BA
                                                                                                                                                                                                                                                                                      SHA-512:B14ED3262493E90279B27145A7CA9737F49C1451FED743D496F628D19999820516F02849728BC54A1ABF79D12CD18DC4172E04AD63430D349E472017439FBBE4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....&.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:46:06.....................................................................................&.(................................%........H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..I%)$.IJN....6wm.$~t&I%(.@.....Ve.2.c2.....Hk..?;.$.R.Iju\,zzgG.....=.....Z..c.F....wcz{.R<n...121(........e..n..#k.z@.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-IJPLF.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:48:14], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):77267
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.685856680638549
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:kjuptjupeNz56osLeBc81wR1cjUOEux9/LF+a55:guHuozeLeBc8MsEuxFFj55
                                                                                                                                                                                                                                                                                      MD5:E73E5283FF4F9C2D9FEB8193C010E055
                                                                                                                                                                                                                                                                                      SHA1:621C88868128410058110FBBF6561B38424D8B4C
                                                                                                                                                                                                                                                                                      SHA-256:A652063FD3B109F23A0652EDF254115747EB2BD692058412228BA814E9762F2A
                                                                                                                                                                                                                                                                                      SHA-512:6DBF103BF1C1365E444B4DBC3E6D1949C4EB9EB2788CC4FC64F2596457C2671BCAD53D3A51994D4AD38D3B4FC9CF959813D2EB8C9FC215FCA1A170699E9B28B9
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:48:14.....................................................................................&.(.................................c.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..}=7......*.S......k.w>...Z............5...f....>.........ul..X.u{.7...Lc.5}.......g..~....R..N..2.u45..h..`.......^.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-J2D8J.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:25 10:09:19], baseline, precision 8, 512x512, components 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):50525
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.639039260244962
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:eRrjfGf5CjqrrjfGf5Cjqp7QgaUv4cqFhddH40ub/5oHhdtUQHEG88bKwhgQo:krnsrnKTgFhLY5edmQHLmwhgp
                                                                                                                                                                                                                                                                                      MD5:4CF1F39751039CF6508947193E84BF3E
                                                                                                                                                                                                                                                                                      SHA1:95094CDF9E661AFDDD0997FC20F7800D3DA6E457
                                                                                                                                                                                                                                                                                      SHA-256:4031CE539626A0E349A84F6D8FBA4486A69ECC54DC6B27B343A856B500142D90
                                                                                                                                                                                                                                                                                      SHA-512:46574DFCE31EE9B55F72F3BAAA067772D8E90F6AF2413470EFB30C3DC1B4AF6D9504443F602FF0839C1C6FFFBA4E7A8492E8014589E9D7735D1CD3FB715EE565
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:25 10:09:19.....................................................................................&.(.................................].......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...gNvu...:64......m...pi._...Ko..?1K....;:.....{!..a.V+.{....'.-v..L.<.w..P.........=.).[.H....@..#...R=.j.#.".....l.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-OF8AU.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:44:41], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):115249
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.811644868764116
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:tlBylBweI83zZ+lDW2nwD9UfSBAvyVeNkxA2r:C31+lHwufWmC0ir
                                                                                                                                                                                                                                                                                      MD5:F80C90560ABC2C7C3F6D5AD4EFA5FF3D
                                                                                                                                                                                                                                                                                      SHA1:5ABB063406ABF714ADD177B492A7928D9C8AAB3D
                                                                                                                                                                                                                                                                                      SHA-256:BC75FAF179CD86C38659558EFE2FAA4E34D285EE45EB3A80326132E3A35E18F9
                                                                                                                                                                                                                                                                                      SHA-512:DC355488498D3161C2C2108CA47E1A55B3C2755B402DF28D57541E7275078A86F881FDC4291B870C67065A7BF08ED1ED6408101C93C5206A51852735C2921B2F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....-.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:44:41.....................................................................................&.(................................,........H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..k.5.=G....X.C.....s....{2..^M.wQuO..K..U+Y...t..~>Q...Q.uU..m.sq..._...i.eM.......H.?G.t....,.}..5..o........F.....?..

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-RHFDF.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:25 10:08:06], baseline, precision 8, 512x512, components 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):83175
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.771716718739004
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:T67BgkPr67BgkPxFoGwlsDose7WFqredB87Ts3+q0IPItWWKN+6cNjGA4ud:WBgjBgco87gWFqSdvzFA0e6c5lTd
                                                                                                                                                                                                                                                                                      MD5:7C3D6396F93C099B16C3F957B52D4182
                                                                                                                                                                                                                                                                                      SHA1:7F574D6E3344DCA44B5B9B50BBA519D760E73FDB
                                                                                                                                                                                                                                                                                      SHA-256:B0A9A94E0524D2193F2EC6804C365E12373782E4F4C671C3A2C0371B8365A337
                                                                                                                                                                                                                                                                                      SHA-512:BC3A22C1857B34E656348388A3F8E26A29A19801779EACE88C9EB5FC6528932DD4971492079F5306BAA714413C8E790C83CC47C9807DCCEC44DB75B1AB0AACF9
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....".Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:25 10:08:06.....................................................................................&.(................................!Z.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..h...9.2.y..>..w...F.].=.....&6.v........P...rG.v......g.?.H..)..}2.u.0.7..X.cq.E......_..m.z.z.g...=E.}K...^..a.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-RL2G0.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:48:02], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):78596
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.696195286103881
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:i8+r8+CNPa3NVESeufeL8gCDAzeSYyjyukpv:/+g+mKNVYqeQgt6SYyK
                                                                                                                                                                                                                                                                                      MD5:5A1A5DB41277D37CEE083B12BE423BBE
                                                                                                                                                                                                                                                                                      SHA1:7D4E2A746D7B365B62450CCFAAD125DA80714B66
                                                                                                                                                                                                                                                                                      SHA-256:E178BBF24479B81CF6A7FA3F74649E1B922C5E621FA0448B03791FA14714B742
                                                                                                                                                                                                                                                                                      SHA-512:1AFC2727C40B0E2A0ABA564AC1E93F6E594A2ACEDE28999878EEF196428E1DAADEAB3601FFE2D802F704B0AAEF4B58E3FD52E2584D602B7E5B6C7DF5EEA2949B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....!.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:48:02.....................................................................................&.(................................ q.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....[2.mUY.:.w..s.y.`-..#...S.6.dbU......Z..r=\..0....\.4..j.....'..Un..[...yw...:.o...]......,.~.}i..1..Z..s=,.r...W..h.

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-TBR60.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 18:18:32], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):37368
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.0978365942082675
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:675/KCubOH5/KCubOq7guaJjz1QuNYNg7ynOagNdPR4+ufIrFVrbnkHr:67DueDul7gpNYyrBNj44VrbkHr
                                                                                                                                                                                                                                                                                      MD5:BD8E50188E3CC95D722B5D2AD27C3802
                                                                                                                                                                                                                                                                                      SHA1:065D9924AAE064B6471B719D0E25B3E02E32F620
                                                                                                                                                                                                                                                                                      SHA-256:8967E678BAFD94B6471B2129207DDFC32EBCDAEED6C649E1C91C2E30BB8ADB3C
                                                                                                                                                                                                                                                                                      SHA-512:EDE55C3FA6516F26F984C76029FFFBCACCA9E06E8BE425FF5E9AB4FEFF9A4C3E0880F2D6AA28371701C4206D7BCBC8F8409DBE15876E03699083A97893D0D1B0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H.....uExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 18:18:32.....................................................................................&.(.................................?.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..I%)$.IJI%..?.o...:.f5p........W.....%2...+..h...`ck..W.....Z..v.c.....W...[.}Z.n/S..P.S}guV...+!.C..{Yk?s.....oM

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-ULGTE.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:25 09:57:46], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):60069
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.597622891462506
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:LyBOyBXNDqfIMPdoDHkI1SjgwsQuQ560gF:LyMyjuQIal+gwsfQEd
                                                                                                                                                                                                                                                                                      MD5:D1545AB33623AF2EB23F26E70DE28C1A
                                                                                                                                                                                                                                                                                      SHA1:D4FCC3C813405FC096586420ADFDDE976F5EA9DD
                                                                                                                                                                                                                                                                                      SHA-256:65A2802636C59DA02A0B8B513658C7795DB98EBE594E7A27BB2030704B904572
                                                                                                                                                                                                                                                                                      SHA-512:ECA0EE65AF51B5FE1AFCA2DD48306358F50997CCC57430CD01E7988896827776708EBAE4EA01BC51DA1AD34CCD3D559298F8E5693E44470AD5951AB909F3CDE8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:25 09:57:46.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.I%)$.??.b`S....j..HG.X....!..S}.kZ\..n......^.I'@.....>..n.l.}.0I.6.A..m.o..s.....4?.W..~!. 1...\.k..m^.z.k...?...y4Z

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\Frames\is-UVFQC.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:07:24 14:47:49], baseline, precision 8, 512x512, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):107711
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.7934075099036955
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:E/mO/m0bQTtZ7XVKwTdSMjsL3dZNvz7q2:6mEm5ZbItrdXz
                                                                                                                                                                                                                                                                                      MD5:1CBDDB514EC3852DEAEB1F1C57A5B8FF
                                                                                                                                                                                                                                                                                      SHA1:2A07261478556E28861CE92FBDAC183083E69641
                                                                                                                                                                                                                                                                                      SHA-256:16C3FA28B178D84CE08E818BF7140D5FD0CDE6A62C97A986A567BDD3D710D827
                                                                                                                                                                                                                                                                                      SHA-512:FD1C3D70D3D17B00DC2B8598F62ACEF7206084BC1F2D3B33B9C9723A835EED4C3F774F1508CAD6B980E5247AB53577900D1E99AAA7227A0F8F873FC09A972246
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF.....H.H....*.Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2011:07:24 14:47:49.....................................................................................&.(................................)........H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.o.=7=.....e..i9v.{....l..YN6..........l|.C..K7....n.../}XVfY.p..g....N..:.S.].#.....~....R.n.1..u+...c.M...o../..n#r

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\commands.cfg

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1032
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.7100544469545795
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:8m7CZpu9S+h+Hsa0Wh9qyUmH4sYj/L79aIdJcArrhVvRaoGQ:8m7CHu9hh+MqnJFLOP9aeJcErvt
                                                                                                                                                                                                                                                                                      MD5:5E6382614139998B255EAA239AFEB928
                                                                                                                                                                                                                                                                                      SHA1:845C37BF327542C28682779F3E017964DB4DD428
                                                                                                                                                                                                                                                                                      SHA-256:F4D4EBF98F9104E2C6EA4ED9DA1C253301238F7E412C7DB05965969B624ABCD8
                                                                                                                                                                                                                                                                                      SHA-512:FC73F8E5AD80401CF6414F00270AAA672C347CA8831A1F6F7033413EB654C865B6253C6F0C7C7CB9C4D1B409C447AF59E5F457FF36C701B96E21153C9062F6AB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.[Options]..0=TIF..1=TIFF..2=FAX..3=G3N..4=G3F..5=XIF..6=GIF..7=JPG..8=JPEG..9=JPE..10=JIF..11=JFIF..12=PCX..13=BMP..14=DIB..15=RLE..16=ICO..17=CUR..18=PNG..19=DCM..20=DIC..21=DICOM..22=V2..23=WMF..24=EMF..25=TGA..26=TARGA..27=VDA..28=ICB..29=VST..30=PIX..31=PXM..32=PPM..33=PGM..34=PBM..35=WBMP..36=JP2..37=J2K..38=JPC..39=J2C..40=DCX..41=CRW..42=CR2..43=DNG..44=NEF..45=RAW..46=RAF..47=X3F..48=ORF..49=SRF..50=MRW..51=DCR..52=BAY..53=PEF..54=SR2..55=ARW..56=KDC..57=MEF..58=3FR..59=K25..60=ERF..61=CAM..62=CS1..63=DC2..64=DCS..65=FFF..66=MDC..67=MOS..68=NRW..69=PTX..70=PXN..71=RDC..72=RW2..73=RWL..74=IIQ..75=SRW..76=PSD..77=PSB..78=IEV..79=IEN..80=IMAGEEN..81=LYR..82=ALL..83=WDP..84=HDP..85=JXR..86=PCD..87=DCM..88=DICOM..89=CUT..90=AVS..91=CIN..92=DOT..93=DPX..94=FITS..95=FPX..96=HDF..97=MAT..98=MIFF..99=MTV..100=PALM..101=PCL..102=PICT..103=PIX..104=PWP..105=RLA..106=SGI..107=SUN..108=SVG..109=TTF..110=VICAR..111=VIFF..112=XBM..113=XCF..114=XPM..115=JBG..116=JBIG..117=BIE..118=WEBP..119

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\is-6654O.tmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):624
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.278868055465264
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:XqYzpb3ESbW2qqKglSsastJX5EO+AdX3fR5zS7n:X/FLLwm3X5lfdXvR5+7n
                                                                                                                                                                                                                                                                                      MD5:D0DC599B22FEFF6C1D6594FD075D92A7
                                                                                                                                                                                                                                                                                      SHA1:C5BA9F3905725E7F16A1862F5135D4CC480B683A
                                                                                                                                                                                                                                                                                      SHA-256:2AF5690AA27F1CE0E2583FACAF04BAE248D486BD2EF1508BD558C79C72304E12
                                                                                                                                                                                                                                                                                      SHA-512:A1383515802B618D046FFFAC8D81F3DEBB4403C04451EABE8ED57A1F68022F44D8B97ECE53E2DBB2B37810D8F84F124E897C308B0D8BEBA19106162AD78EE91C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.[TaskResize.Options.Vals]..0=100..1=600..3=720..4=768..5=800..6=900..7=960..8=1024..9=1050..10=1200..11=1280..12=1360..13=1440..14=1600..15=1680....[TaskResize.Options.DPI]..0=150..1=300....[TaskSaveAs.Options.FNameTemplates]..0=<Original Name>..1=<Original Name (Without Extension)>..2=<Original Name (Without Extension)>_<File Extension>..3=<Original Name>_<Size (MBytes)>_<File Extension>....[TaskSaveAs.Options.FolderTemplates]..0=<Source Folder>..1=<Source Folder>out....[TaskSoftShadow.Options.OffsetVals]..0=4..1=5..2=6....[TaskRoundImage.Options.Vals]..0=100..1=300....[TaskShiftTime.Options.Values]..0=0..1=5....

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\High Motion Software\ImBatch\options.dat (copy)

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):624
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.278868055465264
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:XqYzpb3ESbW2qqKglSsastJX5EO+AdX3fR5zS7n:X/FLLwm3X5lfdXvR5+7n
                                                                                                                                                                                                                                                                                      MD5:D0DC599B22FEFF6C1D6594FD075D92A7
                                                                                                                                                                                                                                                                                      SHA1:C5BA9F3905725E7F16A1862F5135D4CC480B683A
                                                                                                                                                                                                                                                                                      SHA-256:2AF5690AA27F1CE0E2583FACAF04BAE248D486BD2EF1508BD558C79C72304E12
                                                                                                                                                                                                                                                                                      SHA-512:A1383515802B618D046FFFAC8D81F3DEBB4403C04451EABE8ED57A1F68022F44D8B97ECE53E2DBB2B37810D8F84F124E897C308B0D8BEBA19106162AD78EE91C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.[TaskResize.Options.Vals]..0=100..1=600..3=720..4=768..5=800..6=900..7=960..8=1024..9=1050..10=1200..11=1280..12=1360..13=1440..14=1600..15=1680....[TaskResize.Options.DPI]..0=150..1=300....[TaskSaveAs.Options.FNameTemplates]..0=<Original Name>..1=<Original Name (Without Extension)>..2=<Original Name (Without Extension)>_<File Extension>..3=<Original Name>_<Size (MBytes)>_<File Extension>....[TaskSaveAs.Options.FolderTemplates]..0=<Source Folder>..1=<Source Folder>out....[TaskSoftShadow.Options.OffsetVals]..0=4..1=5..2=6....[TaskRoundImage.Options.Vals]..0=100..1=300....[TaskShiftTime.Options.Values]..0=0..1=5....

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 21:41:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2677
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.985685400468157
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:8mkY0dyTeyFH8idAKZdA1oehwiZUklqehsJy+3:8TYZjhBJy
                                                                                                                                                                                                                                                                                      MD5:BE1A422D781BDC59DCE13992C3010D09
                                                                                                                                                                                                                                                                                      SHA1:93CE8BE717206D211C32F45BE9CA568565AE93D2
                                                                                                                                                                                                                                                                                      SHA-256:2DE8DA13EC6E1AAE76E22A1DB3A7B74E507D8C7529581E96FC04F603057CB952
                                                                                                                                                                                                                                                                                      SHA-512:5854E5AAC904A7894684AFDF81E62F8C0EB3489274692C4A98CECAC8C1520BC27E4977E3125539292673946B8C5142285017E82D09BEA62A54701C3D1DEB8A68
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IGY$.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY$.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY$.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY$............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY'............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 21:41:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2679
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.000541734281079
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:8mkY0dyTeyFH8idAKZdA1leh/iZUkAQkqehxJy+2:8TYZjz9Q+Jy
                                                                                                                                                                                                                                                                                      MD5:E18B5A09BDF4DACDE413CBE94B4C1ACA
                                                                                                                                                                                                                                                                                      SHA1:E9B26D8686CA2B95D60A9492B347BBC17B888F89
                                                                                                                                                                                                                                                                                      SHA-256:795E46C89B09803D8C3FDF4B946D360BC894700AD434E9C2DD33F99131A2E8A5
                                                                                                                                                                                                                                                                                      SHA-512:C71DD8DC7D598731E30B950174EF7212DE2FC2575E582338F887391B5C58F193743DC2B94BA630FA7665873A257517A27F5656417F0169500A14A6D7F6A333A1
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IGY$.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY$.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY$.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY$............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY'............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2693
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.008739892249949
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:88Y0dyTeybH8idAKZdA14t5eh7sFiZUkmgqeh7srJy+BX:88YZj1ndJy
                                                                                                                                                                                                                                                                                      MD5:5A295E5C956DEEBA8BE6DD8389B2891D
                                                                                                                                                                                                                                                                                      SHA1:D984380C7CE8A65E28FCF779865B1FB48A173B0A
                                                                                                                                                                                                                                                                                      SHA-256:158C0C8024397570AD0ABB1E76456C44EA59878ACBF5FC4B49E34A1DCB3A6714
                                                                                                                                                                                                                                                                                      SHA-512:FC835697F49177500B635958611ACA117C3D500A6676AD36EE7F752FAA862C7C61A8F98392D1D9527C7145CC0D056B7F11AFAE6DA1B3034252868A1DDA4795D3
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IGY$.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY$.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY$.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY$............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 21:41:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2681
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.9975797993716946
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:8lkY0dyTeyFH8idAKZdA16ehDiZUkwqeh1Jy+R:8eYZjAjJy
                                                                                                                                                                                                                                                                                      MD5:84AAC9535667C1BC3AE70A774D39BAD0
                                                                                                                                                                                                                                                                                      SHA1:4B111A6312050E2E79DECD356087386803B0D29D
                                                                                                                                                                                                                                                                                      SHA-256:51C65C191E8D26CABDB598431B40DB26278F56C72F1FD9A3E14176E709179394
                                                                                                                                                                                                                                                                                      SHA-512:30DB5400BC365B35148AB2324A7D291C076835D9DB39235DE95A15F75302AAAA5D597AA539A5C06ADA913B68E3114AA8FDEC68A69DCFEF8E4DC03F817E28C85E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ...$+.,....M......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IGY$.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY$.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY$.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY$............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY'............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 21:41:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2681
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.9870138700660016
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:8WkY0dyTeyFH8idAKZdA1UehBiZUk1W1qehnJy+C:8DYZjg9HJy
                                                                                                                                                                                                                                                                                      MD5:39A407B118960ECCA362598B76603D62
                                                                                                                                                                                                                                                                                      SHA1:0D011EF48545D17DB70531511F27BA04855EB9F9
                                                                                                                                                                                                                                                                                      SHA-256:70A5EF1FE531E34BDCDC2B08F9EBB3BAC709A44A3B7AA1C8A7B7FF98247AB147
                                                                                                                                                                                                                                                                                      SHA-512:B2930E4FE96C6CDA6DDF62D51F54C3CAEBAEDCD63034ACE842186C8005F12941A7E2E4FAFFD255D008BA768F1BC2F6A6D9CCC90074230169477A56CF99778BED
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ...$+.,....};......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IGY$.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY$.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY$.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY$............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY'............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 21:41:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2683
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.997225892102231
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:8akY0dyTeyFH8idAKZdA1duTrehOuTbbiZUk5OjqehOuTbdJy+yT+:8XYZjNTYTbxWOvTbdJy7T
                                                                                                                                                                                                                                                                                      MD5:AFDF76DE0CC96755F2588A5ECB770B59
                                                                                                                                                                                                                                                                                      SHA1:24A64ADCDE89DA711B1D4E2AD52B3FA9C62A0ADB
                                                                                                                                                                                                                                                                                      SHA-256:BB1CB7B8FA72860D051B2DFC8CE089CB6A9D5EA751BFF3923FEDF05204D794D2
                                                                                                                                                                                                                                                                                      SHA-512:809C806116640BD89929B7C8449B0F3B4BA30C3F466600529BBB62614B42518981E0798A8BB13D5A6F37BC44FEAB1FE8996750FA3D70F56B8A7454B99C38DBB8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IGY$.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY$.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY$.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY$............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY'............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 230

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):12629
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.923136784525462
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:YiZfhVaWKBBu4tFqn9nUWYX6fri7s4YXixdh/Hhe3:7NhVaWufZ6DiAbcpHM3
                                                                                                                                                                                                                                                                                      MD5:6E5EFCCDF748CC778BD48B9CD87F3782
                                                                                                                                                                                                                                                                                      SHA1:91BEB4CA03F00E8BE63261FC2F4D13DC538ED70F
                                                                                                                                                                                                                                                                                      SHA-256:FAD84EFA145FB507E5DF9B582FA01B1C4E6313DE7F72EBDD55726D92FA4DBF06
                                                                                                                                                                                                                                                                                      SHA-512:FAEEDDB69E0E2AB5EEFCEEB20C2BD3CAA03F2C0FA895DE8C9287FDB367D241AB0A8E4083145F642604CEF26DBE9211D4FCA8AA8F445638B2CA62F51F450784BF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/misc/jquery-html-prefilter-3.5.0-backport.js?v=1.4.4
                                                                                                                                                                                                                                                                                      Preview:/**. * For jQuery versions less than 3.5.0, this replaces the jQuery.htmlPrefilter(). * function with one that fixes these security vulnerabilities while also. * retaining the pre-3.5.0 behavior where it's safe to do so.. * - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022. * - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023. *. * Additionally, for jQuery versions that do not have a jQuery.htmlPrefilter(). * function (1.x prior to 1.12 and 2.x prior to 2.2), this adds it, and. * extends the functions that need to call it to do so.. *. * Drupal core's jQuery version is 1.4.4, but jQuery Update can provide a. * different version, so this covers all versions between 1.4.4 and 3.4.1.. * The GitHub links in the code comments below link to jQuery 1.5 code, because. * 1.4.4 isn't on GitHub, but the referenced code didn't change from 1.4.4 to. * 1.5.. */..(function (jQuery) {.. // Parts of this backport differ by jQuery version.. var versionParts = jQuery.fn.jquer

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 231

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:GIF image data, version 89a, 1000 x 46
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3065
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.821719295775181
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:vvP2Jv9bsyIzgBFC6oxytPhfYaoWZmwWfJn2z0aL7NYf5GSyI5m/vLY4seSe7od2:vmJvGlJDnaoOmwT0aL7SB5mbY4s47ola
                                                                                                                                                                                                                                                                                      MD5:823C3ED75C038DD64A53916E6C8F91D1
                                                                                                                                                                                                                                                                                      SHA1:149050D6359AFFAC53D87A64210E53E71D58A608
                                                                                                                                                                                                                                                                                      SHA-256:BC6DA901C70977D77ECD68C065F75167D3E7A962073D5459198101237A60679A
                                                                                                                                                                                                                                                                                      SHA-512:3E21BF86B3013822B90D55D9E07748CBC8E0FEE4DFEA1E9FFDB00BC7E8334BF163A02F0A41514AEB7139B4E083C468FD2626DB1E4F717B5F7D03F047584A1BB8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:GIF89a........a).]..Z .f-.`&.r4.\!.` .x7.V..W..b".`".L.f%.^$.v4.t3.l*.[..v6.d$.f'.zB.s3.r0.H.^ .r*.p/.n-.t4.l,.f&.{8.s1.q2.\..j,.h(.o0.x7.j0.o-.\..p0.h*.j*.j..n,.g&.b$.j).h(.p0.Z..E.C.t5.s2.l,.l0.i*.n2.T..l1.d%.j'.^..h/.n1.g,.g,.G.k..K.n(.c$.c(.k..m..J.J.f(.u3.o2.a".F.v5.d).\".^".^#.d%.F.n..d&.^..r3.`!.yA.h*.b&.X..f+.j-.f+.f%.w6.m0..D.b#.Z!.`$.d*.j).[ .j1.d'.m(.z7.d(.o2.Z".^&.f&.h*.H.U..t2.h(.e*.e&.b(.` .`'.x5.p..j,.r4.X..q2.e*.\$.a$.^$.m2.d#.d,.a".X..t6.i..n3.w5.k'.V..i,.J.n0._ .V..Y..s2.g..h-.c#.p).a&.o3.c#.b%.u5.q/.l*.l/.k0.g).b%._".Y..y6.y7.q0.m,.`..e'.e%.a".] .]#.]#.Y .z8.z7.n/.b!.v6.m/.h0.n1.u6.r1.H.m..I.G.o/.|C.p4.l..a&.K.] .S..m1.U..H.Z!.i/.K.G.k*.S..^&.[#.n..v5.m..r3.X .i..l0.i+.s5.n/.g'.d'._#.e%.S..T..u3.Y..U..i).g'.c%.Z".a!.W .]&.q1.v3.p....!.......,................[.)R.-......8r..G....3j.... C..I...(S.\...0c.I...8s...'H...:.,..(.....4X0[..).J....Re.....`..K...h.]...!....)U...t.*&..-.L....4..6..Y-.Jk..p#K.L....3k...?..$.HE"...)..n...-a.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 232

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 13 x 39, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):573
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.342574100398678
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:6v/7tJori55HTMOdduUT0FaNApy064sgKl81zsIyVEsNoK3Rq6TzkNl:DrinHTMOjuUT0FQxlg881ziqj6/kNl
                                                                                                                                                                                                                                                                                      MD5:D3B686FF6004B431D5019E4B51A8CC0D
                                                                                                                                                                                                                                                                                      SHA1:34EC288BDCAD2EADA81C75960439BF60B95EB285
                                                                                                                                                                                                                                                                                      SHA-256:96E3E8DFDE6B1042514824BAC1B44282D4A76BAC028F2D767F6534DCE2CF3DB0
                                                                                                                                                                                                                                                                                      SHA-512:557DCD2FEBE12D091B96FE31087A48838058F67FB880B89D40A0C43E664BDF9F99ABB659CB263336DD03A86E55F0D9C7F1281D34155D03B236D71EB6B3FE1EB3
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.PNG........IHDR.......'.......2.....PLTEGpLW^mgn}dkzel{cjyfm|`gv\cr]dsPWfU\kSZiV]lQXgQXgbixPWfY`oY`oRYhPWfU\kgn}W^mgn}QXgdkz`gv\cr]dsU\kZapW^mcjyQXg...:X.....=Z.jq........p..ho~......gn}_fu...cjy\t....[bqel{...fm|^etX_n`gv...........ahw............|........`x.......Kf....<Z...[s...$tRNS...f.:..,z..p.2.....n..H..D0..l.....}:/....IDATx^..Wo.@...qo.W......0vz....duZtA.C.a.O#..}.x}.@...?.\7...Y]..k.L(..E..y-to"..g...bz...` ...O/........5....J.%.c.{.......e,...,...lq.....`sc}...N.......a:-1.O.4.Z....8.v.C..5.N...,.7.......|<d.).....Ut5...eO....IEND.B`.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 233

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):875
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.984019957529544
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1BXG/YDNUNilNfnx3qVORbvGRohVVohP2RbwhP/+:KKx6VOBGWhVihOyhn+
                                                                                                                                                                                                                                                                                      MD5:009F2616018E14461C7193C5E6223044
                                                                                                                                                                                                                                                                                      SHA1:3D9AAC2B57DA019C6528812B8D8B3770338C78DC
                                                                                                                                                                                                                                                                                      SHA-256:32BB442E95336CA11BE13ED3FEADDD801FE714BCDAB11081C74D59443D722E00
                                                                                                                                                                                                                                                                                      SHA-512:64C25B5C5DE769B3F7A445E1B476C6F62708AB61A064F1BBC9EC41EC5D29F38256048A406F39CAEBDC7ED2241AD60DB2331142CF10344ED36B5545CECC7E7C9A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://badges.crowdin.net/imbatch/localized.svg
                                                                                                                                                                                                                                                                                      Preview:<?xml version="1.0"?>.<svg xmlns="http://www.w3.org/2000/svg" width="97" height="20"> <linearGradient id="a" x2="0" y2="100%"> <stop offset="0" stop-color="#bbb" stop-opacity="0.1"/> <stop offset="1" stop-opacity="0.1"/> </linearGradient> <rect rx="3" width="94" height="20" fill="#555"/> <rect rx="3" x="60" width="37" height="20" fill="#4c1"/> <path fill="#4c1" d="M60 0h4v20h-4z"/> <rect rx="3" width="97" height="20" fill="url(#a)"/> <g fill="#fff" text-anchor="middle" font-family="DejaVu Sans,Verdana,Geneva,sans-serif" font-size="11"> <text x="30.456852791878" y="15" fill="#010101" fill-opacity="0.3">localized</text> <text x="30.456852791878" y="14">localized</text> <text x="77.619047619048" y="15" fill="#010101" fill-opacity="0.3">29%</text> <text x="77.619047619048" y="14">29%</text> </g></svg>.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 234

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:GIF image data, version 89a, 1200 x 130
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):13692
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.9655707241410365
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:QrvznMFISSfPAQNB+xUyV3PcUfAo4svvUyWOaWYcX:dIRAQNM6yljfAkiGX
                                                                                                                                                                                                                                                                                      MD5:643F8178900831AE494AC945C34C5B9F
                                                                                                                                                                                                                                                                                      SHA1:2C299A11B2FB8AB270217C846CB54CF215DBF938
                                                                                                                                                                                                                                                                                      SHA-256:DF8AA68AB3CD14D2256228E890575E75949E99D8CDBAA69C8DAF4CE1BB56F09C
                                                                                                                                                                                                                                                                                      SHA-512:120F6F65BCD12F721720E5EA185E6D82A40AA255921BDE9B18C14E64E78F04B137C9A6EB504BC0C268C9B7C6E1E0A963317CF6983493BCA1413D78C0DD26C66B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/themes/freshmade/img/header-wrapper-2.gif
                                                                                                                                                                                                                                                                                      Preview:GIF89a.......(('6300.,999L>2+)'.,*F8*?81L>040,:4.H<0H=20/.N>062.=2(J<.:61,++741M@3J:,2.*:5010.F:.>6.<4,D;2B:2B8/,*(666.-,*))>704.(F6&N@0C90@6,H:,)'&82,>4*42/B6+1,'D8,92*84/60**('D7*L<.J>183.20-0,)888H;.=5.**);;;G8*C:0F;0@7.41-0-*80(..-B7,:3,RB3PA472-.+('&&2/,61,444,,+'''D9.>5,<2)4/*=3)J=0F7&80'81*E:/F<15.(<6/?6-F9,:1(C8-<3*6/(60)@5*E8+@5)K;-K>0K<-2-(;4-/+'?4)777322222333211/..531321100111-,,431951421M=-QA1000N>.F<2OA4@91O?/QB2///P@1+**---332QA2A92420<71840841=71QB3K?3210N@3320+++,,,***L<,...E;2520221<60PB3G<2PA2N>/21/P@0P?0K;+J:*31/L<-I9)I>3=70851D:1RA2310Q@1;61J>2J>3O@3A8/G=2M>-OA3<<<20.H8(110D:0//.++*J:+O>/PA3PA1H8)=60@80P?/;2)J9*N?053094/QC3K>1L?2@81B91L=,O>.L=.31.30-N@2I8)N=.O@1K:*J9)N=-A80O?.20/<5/Q@0N>-M=,OA2K:+E:0G7'--,L<+K;*L;,I:*4-(J;-:::H9*M?2B5)C6*K<+M<-I<....!.......,...............H. A(U.&4......H...!.h...cG8p..C....(..Y.%B.-Z..a.F..}.n.<.S..e@...F....HO.[...P.J.J...X.j....`..K...h.]...p..K.j..F..]...PX.|..r@...6i.....2HPv1I2..z =v.1...)F|H..A....\.u...

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 235

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 20 x 110, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):250
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.278444178625739
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:6v/lhPHjnDsp5hVukaudmKJMJEFjpJdgiGkup:6v/7/8xgkSKCJetgi4
                                                                                                                                                                                                                                                                                      MD5:6D3582C2BD244539E8BA38E0E8DF161D
                                                                                                                                                                                                                                                                                      SHA1:B7AE7B9AC1F43424FCD34AA6012542E1595C8528
                                                                                                                                                                                                                                                                                      SHA-256:2EA87D332EDDA7BC80411D7BCFE5E25BB068FBFD5B0EFC6383E4A753089B823C
                                                                                                                                                                                                                                                                                      SHA-512:69CF00E43BE4FA386AADB68546805320382269709DDA5D038EDFF1034E8C6E3153CD743820D8F47D991EEB5D0BAA6ADF706C97C1DF5F8EE9C76E75FF0ED06F08
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/libraries/superfish/images/arrows-ffffff.png
                                                                                                                                                                                                                                                                                      Preview:.PNG........IHDR.......n.....'03.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...Q..0.......;...b..."~_.C?..'..'C/...(x..Nq..Aq.U.x.....%.Nc#0...4v\..S..................................t..E_X.X.q.D.M=lqPi.8y....Kp............E&.Q.....IEND.B`.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 236

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):20611
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.877897624550885
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:Xt4QnBjP5i8UVpo3H3r52y34ZIrNx6t1QSWK/0+MgZTd/u7v/TfRJ:XhziXVpo3H3r523v0gpd/2T7
                                                                                                                                                                                                                                                                                      MD5:2B587BB02819D09AB40485D88CA645C4
                                                                                                                                                                                                                                                                                      SHA1:914380FC5158927571583763A00DCD2CE22A3D97
                                                                                                                                                                                                                                                                                      SHA-256:9A1BBCECC783930543E61805D08CFDDAA643C1A6309D1B3A9E3216961B75DEDE
                                                                                                                                                                                                                                                                                      SHA-512:B829A4394924844065004D98AB3153C9E30660F99D36202F35D10847029F8CFA1F9B0B6D945A84D64C0DF93D72AB043D4D8D425A7AABEE71D0CF3776CC767060
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.var Drupal = Drupal || { 'settings': {}, 'behaviors': {}, 'locale': {} };..// Allow other JavaScript libraries to use $..jQuery.noConflict();..(function ($) {../**. * Override jQuery.fn.init to guard against XSS attacks.. *. * See http://bugs.jquery.com/ticket/9521. */.var jquery_init = $.fn.init;.$.fn.init = function (selector, context, rootjQuery) {. // If the string contains a "#" before a "<", treat it as invalid HTML.. if (selector && typeof selector === 'string') {. var hash_position = selector.indexOf('#');. if (hash_position >= 0) {. var bracket_position = selector.indexOf('<');. if (bracket_position > hash_position) {. throw 'Syntax error, unrecognized expression: ' + selector;. }. }. }. return jquery_init.call(this, selector, context, rootjQuery);.};.$.fn.init.prototype = jquery_init.prototype;../**. * Pre-filter Ajax requests to guard against XSS attacks.. *. * See https://github.com/jquery/jquery/issues/2432. */.if ($.ajaxPrefilter) {. /

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 237

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (7809)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):326935
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.569480325299542
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:p47RIGKlqXm5bMvO5K1x72Dej7sssFVVl2pd:i7RwUXm5TlO
                                                                                                                                                                                                                                                                                      MD5:F3017E6D1A27D9DB9D476357CCBDDF23
                                                                                                                                                                                                                                                                                      SHA1:7CB55002EC356FAD8F7FB274F6BB798C86E44E10
                                                                                                                                                                                                                                                                                      SHA-256:45F880D4C07A4E3D15D1F8584B3DF85C4C210F44FCD185006F5FD380CFFA5A49
                                                                                                                                                                                                                                                                                      SHA-512:5523F7644B1D32EB68FD13084FE060C8D077745D3813F41D7DD9D8E6DB056BBEF2CE67F01F4361209027E469EC5581BBAD650E4E41497A6F0039BF55DC03818B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.googletagmanager.com/gtag/js?id=G-DM0MT881VN
                                                                                                                                                                                                                                                                                      Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":18,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regionValue":"","vtp_countryValue":"",

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 238

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3415
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.7320912976466625
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:8x92YTc7OfmmoRQ91aXgFCj8kBDfUB35FjY6v5xCTque+ac:1Y+iJucA8OD8BJFjYLTque+ac
                                                                                                                                                                                                                                                                                      MD5:73CC1B4B47E9A54A3732CFC8D09BF2B0
                                                                                                                                                                                                                                                                                      SHA1:9B94000F047EFBF2C40E686432651303F2666375
                                                                                                                                                                                                                                                                                      SHA-256:C54103BA57EE210CA55C052E70415402707548A4E6A68DD6EFB3895019BEE392
                                                                                                                                                                                                                                                                                      SHA-512:FE7796B87610CABC4E52E4CD3D2DE5E552A8AC2D042BC52068CFA5B4EC7DB78AF343E7C7AF5B72606195168608335BEFD058F84BD1EB6BE6D03DD3309548ABA3
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:/**. * For jQuery versions less than 3.4.0, this replaces the jQuery.extend. * function with the one from jQuery 3.4.0, slightly modified (documented. * below) to be compatible with older jQuery versions and browsers.. *. * This provides the Object.prototype pollution vulnerability fix to Drupal. * installations running older jQuery versions, including the versions shipped. * with Drupal core and https://www.drupal.org/project/jquery_update.. *. * @see https://github.com/jquery/jquery/pull/4333. */..(function (jQuery) {..// Do not override jQuery.extend() if the jQuery version is already >=3.4.0..var versionParts = jQuery.fn.jquery.split('.');.var majorVersion = parseInt(versionParts[0]);.var minorVersion = parseInt(versionParts[1]);.var patchVersion = parseInt(versionParts[2]);.var isPreReleaseVersion = (patchVersion.toString() !== versionParts[2]);.if (. (majorVersion > 3) ||. (majorVersion === 3 && minorVersion > 4) ||. (majorVersion === 3 && minorVersion === 4 && patchVersion >

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 239

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1280
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.558054323600257
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:gqSNJ0c1sp7wQnkD5uWbno4F6mZ8VWYYPGMavRrx077matgyq:gL0iWTnmuWl9Z+AP5aJrxaVdq
                                                                                                                                                                                                                                                                                      MD5:5A708FEC880E7AF7052ED9DE366C9EAA
                                                                                                                                                                                                                                                                                      SHA1:64C13037B062062B9F342E019A963EB341BFC9E8
                                                                                                                                                                                                                                                                                      SHA-256:F0B8B3B1D6357BB1440CC5689519C97833550767634F0D0B35EA424F0712D00F
                                                                                                                                                                                                                                                                                      SHA-512:CECAB2EFD0E455B0CC4A8B43C5463A4D575BDDAC82F361A0AC96F58FD1A7EEDC8ADDB5EF79E8E8259D2D57676977561CA6F1D30C56A01928065399A9F6603407
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6a010000c60100003a020000600200009a0200002b030000aa030000e00300000b0400004204000000050000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2..".........................................................................S=1"Z....*...\.b...{..avR.w.x...........?............................ ..3...............^].....G|.~.7.$.Ygx....6Ae'.~Z...T....U..O.,..,....77.X.~....R.....]G........................ 0........?..........................!0........?........*.......................!"1. aq.02Q.A............?..F..op.K..m=?.G.*a.J......(.....G.+...D..f.....RN.J9.b.......0..o.}sf.....q.x.Pa.A/.)q.~S*k.......$....................!1A.. Qa..q...........?!D..BlR$.$-...`.....^,./...op."h(86.d...u....e..!.....2..0...5... ......<.S.u(7.d...i.Yb.....D.f!.H..R..g..T....................<.O<.....<........................ !01........

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 240

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 526x395, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):15587
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.909017222369387
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:iCD636NduDIjWRkc+jFPg3Qv5/enSG4zNy+odUWjGFcD/:ihDajFPP1Z/TWdD/
                                                                                                                                                                                                                                                                                      MD5:DFEA772D79B28452A349AD194D1F0382
                                                                                                                                                                                                                                                                                      SHA1:D46CE9E26D2E5A13672208B36F3EF48F5CDA28D1
                                                                                                                                                                                                                                                                                      SHA-256:2043B6F916C8A953A361D41B48D95B119158D7536C34BE9FF67277B441C7DABE
                                                                                                                                                                                                                                                                                      SHA-512:EC509FF7AF9C67881541D6B923767EE9E678D9F05FF867986D60ED1116FD43B821B972BD0C462181C52DCB7E588C1B82E0D94E3A8B98E24D25CE8E94056AE8D3
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f0100002c080000390f00001e10000029110000e618000038230000da250000c5260000ce270000e33c0000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."..............................................................................P......................................................................................T.....................13j..OF:r3.B.17e...g....B.%.@B.. .,PB.. ......B.y..4w....tC.|..j.......p..<.y....K... .`.PX..R..(.E.a@@.,..............[.+Fw...g...={8..H..../G... ........`...T.,............;5zr.+FW..4...g,'.....>..9...q...t`...........,.....%.x...........&&w........\/?{....h..K...X..@..................o..v.."LFH5s..'...,:..i.x~`.^....*T....R..........T......A..v.Gc.*2b2.{i..{21..s.O..u09....{....................(..%..........N.d.f.$..L.M._..i.u.=./f'$.5(.AR.T..aPP...@. !H,....j...Sv.[.3bg9.......F;...t

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 241

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3778
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.665598890662172
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:5JxM2vOXmQgL5ZkivCXOtyziX+nXRdnk+:/W2vOXmQgL5Z5QiAXRdnf
                                                                                                                                                                                                                                                                                      MD5:5C711DED2CAC3BB36ECDED89BFA957C3
                                                                                                                                                                                                                                                                                      SHA1:B0E4F13F592CA91298725D5FA1467A09189E572B
                                                                                                                                                                                                                                                                                      SHA-256:F50ECCCAB299718F06B5DFEF251E49D21622EE3F9F9F21FE3A19E3D0751DB021
                                                                                                                                                                                                                                                                                      SHA-512:A7C8B23A900AFB24B666456A743B5075D674B49CD632337165A5B286718D807102A627F5C98731A23572F0226248A1A4023FF0239BA00B648218DCD054B0050B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:/*. * Supersubs v0.2b - jQuery plugin - LAST UPDATE: MARCH 23rd, 2011. * Copyright (c) 2008 Joel Birch. *. * Jan 16th, 2011 - Modified a little in order to work with NavBar menus as well.. *. * Dual licensed under the MIT and GPL licenses:. * http://www.opensource.org/licenses/mit-license.php. * http://www.gnu.org/licenses/gpl.html. *. * This plugin automatically adjusts submenu widths of suckerfish-style menus to that of. * their longest list item children. If you use this, please expect bugs and report them. * to the jQuery Google Group with the word 'Superfish' in the subject line.. *. */..(function($){ // $ will refer to jQuery within this closure.. $.fn.supersubs = function(options){. var opts = $.extend({}, $.fn.supersubs.defaults, options);..// return original object to support chaining. return this.each(function() {. // cache selections. var $$ = $(this);. // support metadata. var o = $.meta ? $.extend({}, opts, $$.data()) : opts;. // get the

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 242

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3945
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.898725812028943
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:jvR3uywA7mjz9fyodl9+jUzbq9Vfmg3P326:FeyhmHlsjug3P3t
                                                                                                                                                                                                                                                                                      MD5:CDE66C94EDC261189DE90ECC7E0D87B1
                                                                                                                                                                                                                                                                                      SHA1:8976D8D2CBD52900E822B3F1D5742A05967BB5CD
                                                                                                                                                                                                                                                                                      SHA-256:B254A812AA7E94135F1FCEAD1E8E0BC08708819792929FFA77BDA9C786D79EF0
                                                                                                                                                                                                                                                                                      SHA-512:22620F37E34BEE1B693E530F9B5CD89792437C3178836CF5205C1EA847801F6803FF06AC3430D1EF043C7F8DF5A2E7AEB1B9058AC1C81D0BDB838787098BB426
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:/*. * Superfish v1.4.8 - jQuery menu widget. * Copyright (c) 2008 Joel Birch. *. * Dual licensed under the MIT and GPL licenses:. * http://www.opensource.org/licenses/mit-license.php. * http://www.gnu.org/licenses/gpl.html. *. * CHANGELOG: http://users.tpg.com.au/j_birch/plugins/superfish/changelog.txt. */..(function($){. $.fn.superfish = function(op){. var sf = $.fn.superfish,. c = sf.c,. $arrow = $(['<span class="',c.arrowClass,'"> &#187;</span>'].join('')),. over = function(){. var $$ = $(this), menu = getMenu($$);. clearTimeout(menu.sfTimer);. $$.showSuperfishUl().siblings().hideSuperfishUl();. },. out = function(){. var $$ = $(this), menu = getMenu($$), o = sf.op;. clearTimeout(menu.sfTimer);. menu.sfTimer=setTimeout(function(){. o.retainPath=($.inArray($$[0],o.$path)>-1);. $$.hideSuperfishUl();. if (o.$path.length && $$.parents(['li.',o.hoverClass].join('')).length<1){over.call(o

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 243

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (6040)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):30864
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.484725023735489
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:7sh6SmlA0ucRJij8qvHT95OjvbNyWBtaAUByfOQHr:7xFRUfL9FmuyWQHr
                                                                                                                                                                                                                                                                                      MD5:652185512A0BA697E71BDE78546EEBCA
                                                                                                                                                                                                                                                                                      SHA1:C898644D7B83BA5F0CD62302ABA4396AB789C80E
                                                                                                                                                                                                                                                                                      SHA-256:D880B04EE876D56A2D46C98470697434FDE5B1F86473FFEF45BF381B39C3EDA9
                                                                                                                                                                                                                                                                                      SHA-512:870EC4B1AB299685EEFD4BDE2D183762C1D7788545C6FE675F8DC995048835DFFC02DD046A07F23F77E7B3948B0E86C06541F8ED5416B68CD749A8DA72D88597
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/fZu5tZNIUeX.js
                                                                                                                                                                                                                                                                                      Preview:;/*FB_PKG_DELIM*/..__d("BanzaiLogger",["cr:9989"],(function(a,b,c,d,e,f,g){function h(a){return{log:function(c,d){b("cr:9989").post("logger:"+c,d,a)},create:h}}a=h();c=a;g["default"]=c}),98);.__d("BehaviorsMixin",[],(function(a,b,c,d,e,f){var g=function(){function a(a){this.$1=a,this.$2=!1}var b=a.prototype;b.enable=function(){this.$2||(this.$2=!0,this.$1.enable())};b.disable=function(){this.$2&&(this.$2=!1,this.$1.disable())};return a}(),h=1;function i(a){a.__BEHAVIOR_ID||(a.__BEHAVIOR_ID=h++);return a.__BEHAVIOR_ID}a={enableBehavior:function(a){this._behaviors||(this._behaviors={});var b=i(a);this._behaviors[b]||(this._behaviors[b]=new g(new a(this)));this._behaviors[b].enable();return this},disableBehavior:function(a){if(this._behaviors){a=i(a);this._behaviors[a]&&this._behaviors[a].disable()}return this},enableBehaviors:function(a){a.forEach(this.enableBehavior,this);return this},destroyBehaviors:function(){if(this._behaviors){for(var a in this._behaviors)this._behaviors[a].disable

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 244

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):2974
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.479836987832445
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:EgyBwMv6p5xvl16d7r3J9HW4cB7ALe//853L2DhPhmjNy3YuzaVHZ57qXvAapFyI:lyfv6Tpv6d7r5A4ctT3WCtPAp0YuzatM
                                                                                                                                                                                                                                                                                      MD5:CCEEBAD9BBB56917E310D1A7369F267B
                                                                                                                                                                                                                                                                                      SHA1:5866489ECB92B075184C24174D9A22EDC295B19D
                                                                                                                                                                                                                                                                                      SHA-256:1430F42C0D760BA8E05BB3762480502E541F654FEC5739EE40625AB22DC38C4F
                                                                                                                                                                                                                                                                                      SHA-512:8274447A72A9088A776AC2CC349C122647CE2B43BE8E9B9F36361A57091A025F8E621BB574F92A2799909DCFF0822D3D54379B1A9F32B7F4ACDB5D99EA075A0A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/misc/jquery.once.js?v=1.2
                                                                                                                                                                                                                                                                                      Preview:./**. * jQuery Once Plugin v1.2. * http://plugins.jquery.com/project/once. *. * Dual licensed under the MIT and GPL licenses:. * http://www.opensource.org/licenses/mit-license.php. * http://www.gnu.org/licenses/gpl.html. */..(function ($) {. var cache = {}, uuid = 0;.. /**. * Filters elements by whether they have not yet been processed.. *. * @param id. * (Optional) If this is a string, then it will be used as the CSS class. * name that is applied to the elements for determining whether it has. * already been processed. The elements will get a class in the form of. * "id-processed".. *. * If the id parameter is a function, it will be passed off to the fn. * parameter and the id will become a unique identifier, represented as a. * number.. *. * When the id is neither a string or a function, it becomes a unique. * identifier, depicted as a number. The element's class will then be. * represented in the form of "jquery-once-#-processe

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 245

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 20 x 110, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):250
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.278444178625739
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:6v/lhPHjnDsp5hVukaudmKJMJEFjpJdgiGkup:6v/7/8xgkSKCJetgi4
                                                                                                                                                                                                                                                                                      MD5:6D3582C2BD244539E8BA38E0E8DF161D
                                                                                                                                                                                                                                                                                      SHA1:B7AE7B9AC1F43424FCD34AA6012542E1595C8528
                                                                                                                                                                                                                                                                                      SHA-256:2EA87D332EDDA7BC80411D7BCFE5E25BB068FBFD5B0EFC6383E4A753089B823C
                                                                                                                                                                                                                                                                                      SHA-512:69CF00E43BE4FA386AADB68546805320382269709DDA5D038EDFF1034E8C6E3153CD743820D8F47D991EEB5D0BAA6ADF706C97C1DF5F8EE9C76E75FF0ED06F08
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.PNG........IHDR.......n.....'03.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...Q..0.......;...b..."~_.C?..'..'C/...(x..Nq..Aq.U.x.....%.Nc#0...4v\..S..................................t..E_X.X.q.D.M=lqPi.8y....Kp............E&.Q.....IEND.B`.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 246

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 18 x 12, 2-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):121
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.8051133484266515
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:yionv//thPlKll0xgsQ6ctG2/uDlhlKFu9VYof/Xjp:6v/lhPwlGxTQl7/6TQkuofvjp
                                                                                                                                                                                                                                                                                      MD5:374286E7D8DF65E661BFAF685032A7D7
                                                                                                                                                                                                                                                                                      SHA1:BEA4737124DBEF1C0D796009953907FBDFADC14E
                                                                                                                                                                                                                                                                                      SHA-256:1DACE7B7005FCC6E236D32287D90537BD2470CD53563CE55B66F043CED2379DB
                                                                                                                                                                                                                                                                                      SHA-512:E02111DCC364AD176D8A5E8367E11572356DB67C0A94297D4D4AEA47286A500B7FBA454D2CBABA7A01BB6963624E5B8B952C92BE165F56E63C459BA1DF887BAE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/modules/languageicons/flags/ru.png
                                                                                                                                                                                                                                                                                      Preview:.PNG........IHDR..............|./....PLTE........../......pHYs.................IDAT.[cX....0I\ ...0I.c-..N......IEND.B`.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 247

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (45534)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):225285
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.389013737767993
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:pyEMF3S1d3wWLstPIEovvdQfaPvQmfIiBSQZWc1APF3SDRns71iMw8F6Oum19udD:xMFW3wIvLvLwDXYn6L9C/3dY357bM68
                                                                                                                                                                                                                                                                                      MD5:93ED91C82FE393973DD63EAE0F849E73
                                                                                                                                                                                                                                                                                      SHA1:3424F4D44A8FB55266F9F02DB4FAC958FBD69E4F
                                                                                                                                                                                                                                                                                      SHA-256:9596AFA1D6A63C08B54AFCCD1B4BBE312135C4ACE39C0689BA3BCC6B9D6C7FAD
                                                                                                                                                                                                                                                                                      SHA-512:01A9D0065AB54DF0066DE9ADA72C17B4CE332C846C92DC1727BA2A2BBEFA1B28F352A773C95FF7499A6279619A2DD73BB736DA5FBC3C594DC58A91F69DB8F8FC
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://static.xx.fbcdn.net/rsrc.php/v3/yR/r/PNStWZQ9T-1.js
                                                                                                                                                                                                                                                                                      Preview:;/*FB_PKG_DELIM*/..__d("EventListenerImplForBlue",["Event","TimeSlice","emptyFunction","setImmediateAcrossTransitions"],(function(a,b,c,d,e,f,g){function h(a,b,d,e){var f=c("TimeSlice").guard(d,"EventListener capture "+b);if(a.addEventListener){a.addEventListener(b,f,e);return{remove:function(){a.removeEventListener(b,f,e)}}}else return{remove:c("emptyFunction")}}a={listen:function(a,b,d){return c("Event").listen(a,b,d)},capture:function(a,b,c){return h(a,b,c,!0)},captureWithPassiveFlag:function(a,b,c,d){return h(a,b,c,{passive:d,capture:!0})},bubbleWithPassiveFlag:function(a,b,c,d){return h(a,b,c,{passive:d,capture:!1})},registerDefault:function(a,b){var d,e=c("Event").listen(document.documentElement,a,f,c("Event").Priority._BUBBLE);function f(){g(),d=c("Event").listen(document,a,b),c("setImmediateAcrossTransitions")(g)}function g(){d&&d.remove(),d=null}return{remove:function(){g(),e&&e.remove(),e=null}}},suppress:function(a){c("Event").kill(a)}};b=a;g["default"]=b}),98);.__d("EventLi

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 248

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 13 x 39, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):573
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.342574100398678
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:6v/7tJori55HTMOdduUT0FaNApy064sgKl81zsIyVEsNoK3Rq6TzkNl:DrinHTMOjuUT0FQxlg881ziqj6/kNl
                                                                                                                                                                                                                                                                                      MD5:D3B686FF6004B431D5019E4B51A8CC0D
                                                                                                                                                                                                                                                                                      SHA1:34EC288BDCAD2EADA81C75960439BF60B95EB285
                                                                                                                                                                                                                                                                                      SHA-256:96E3E8DFDE6B1042514824BAC1B44282D4A76BAC028F2D767F6534DCE2CF3DB0
                                                                                                                                                                                                                                                                                      SHA-512:557DCD2FEBE12D091B96FE31087A48838058F67FB880B89D40A0C43E664BDF9F99ABB659CB263336DD03A86E55F0D9C7F1281D34155D03B236D71EB6B3FE1EB3
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png
                                                                                                                                                                                                                                                                                      Preview:.PNG........IHDR.......'.......2.....PLTEGpLW^mgn}dkzel{cjyfm|`gv\cr]dsPWfU\kSZiV]lQXgQXgbixPWfY`oY`oRYhPWfU\kgn}W^mgn}QXgdkz`gv\cr]dsU\kZapW^mcjyQXg...:X.....=Z.jq........p..ho~......gn}_fu...cjy\t....[bqel{...fm|^etX_n`gv...........ahw............|........`x.......Kf....<Z...[s...$tRNS...f.:..,z..p.2.....n..H..D0..l.....}:/....IDATx^..Wo.@...qo.W......0vz....duZtA.C.a.O#..}.x}.@...?.\7...Y]..k.L(..E..y-to"..g...bz...` ...O/........5....J.%.c.{.......e,...,...lq.....`sc}...N.......a:-1.O.4.Z....8.v.C..5.N...,.7.......|<d.).....Ut5...eO....IEND.B`.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 249

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (45534)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):225285
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.389013737767993
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:pyEMF3S1d3wWLstPIEovvdQfaPvQmfIiBSQZWc1APF3SDRns71iMw8F6Oum19udD:xMFW3wIvLvLwDXYn6L9C/3dY357bM68
                                                                                                                                                                                                                                                                                      MD5:93ED91C82FE393973DD63EAE0F849E73
                                                                                                                                                                                                                                                                                      SHA1:3424F4D44A8FB55266F9F02DB4FAC958FBD69E4F
                                                                                                                                                                                                                                                                                      SHA-256:9596AFA1D6A63C08B54AFCCD1B4BBE312135C4ACE39C0689BA3BCC6B9D6C7FAD
                                                                                                                                                                                                                                                                                      SHA-512:01A9D0065AB54DF0066DE9ADA72C17B4CE332C846C92DC1727BA2A2BBEFA1B28F352A773C95FF7499A6279619A2DD73BB736DA5FBC3C594DC58A91F69DB8F8FC
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:;/*FB_PKG_DELIM*/..__d("EventListenerImplForBlue",["Event","TimeSlice","emptyFunction","setImmediateAcrossTransitions"],(function(a,b,c,d,e,f,g){function h(a,b,d,e){var f=c("TimeSlice").guard(d,"EventListener capture "+b);if(a.addEventListener){a.addEventListener(b,f,e);return{remove:function(){a.removeEventListener(b,f,e)}}}else return{remove:c("emptyFunction")}}a={listen:function(a,b,d){return c("Event").listen(a,b,d)},capture:function(a,b,c){return h(a,b,c,!0)},captureWithPassiveFlag:function(a,b,c,d){return h(a,b,c,{passive:d,capture:!0})},bubbleWithPassiveFlag:function(a,b,c,d){return h(a,b,c,{passive:d,capture:!1})},registerDefault:function(a,b){var d,e=c("Event").listen(document.documentElement,a,f,c("Event").Priority._BUBBLE);function f(){g(),d=c("Event").listen(document,a,b),c("setImmediateAcrossTransitions")(g)}function g(){d&&d.remove(),d=null}return{remove:function(){g(),e&&e.remove(),e=null}}},suppress:function(a){c("Event").kill(a)}};b=a;g["default"]=b}),98);.__d("EventLi

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 250

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 24 x 12, 4-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):210
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.305873369443647
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:6v/lhP0jTPBPjnGe+KkVwpNFu6rOMi8cuBp:6v/7MJPjVxceNjrz9v
                                                                                                                                                                                                                                                                                      MD5:CDF92E329CC12FA614A9B706250D8498
                                                                                                                                                                                                                                                                                      SHA1:D19753E0424B36D45A23360921C615F54FE59375
                                                                                                                                                                                                                                                                                      SHA-256:57EA54A19A47DC49BF624211F8827A5686BAB98DC994FE9762CFAD1ED332FFEA
                                                                                                                                                                                                                                                                                      SHA-512:DD4F74B340F5B14DE1FF570B87C44EAB811FAA90311F01FD3CC4BDD722FD30DDDADCA4BD55482031AF6512493C07A17409D7474C7B2D08B2D422162756298A4F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.PNG........IHDR...............`F...'PLTE.$}.=.&E...+.Pb.fv.....................v&....gIFg....|Y.S...VIDAT..c.<.......1.!...r...`Ba.5..K..l.a...bs0.`..P9(...z..m.......fk0..&...x.`i.s.<...1%.*.s....IEND.B`.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 251

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:GIF image data, version 89a, 150 x 130
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):800
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.500898930564036
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:V3deBvJhxfv+7ESeL+u297muT2mJG6gnWjhLWIzBUf:Vmxh47kL3Y7fT2mb5dUf
                                                                                                                                                                                                                                                                                      MD5:B7CFF17978B53B7954F3043C7C2CCD32
                                                                                                                                                                                                                                                                                      SHA1:DB10A3F6C180DBBA72D3CCEB07BE84A2169A2521
                                                                                                                                                                                                                                                                                      SHA-256:9DF6DB008186A76547C58D18169FA420D3675F0FC9313125E5C45C4E8025432B
                                                                                                                                                                                                                                                                                      SHA-512:73D1C4F45B49CC8F7341200FFA81BFAEC3F8D5D751C7DD9AF9CF1EB6F59902BB34168C565E6EFCC1AC4B10F71E32B89B6F735CBD8CCE124719AD733662186E2F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/themes/freshmade/img/header.gif
                                                                                                                                                                                                                                                                                      Preview:GIF89a.......''')))***...+++(((,,,---000///111222333.........!.......,.............I..8...`(.di.h..l.p,.tm.x..|....pH,...r.l:...3@.Z..v..z..xL....z.n...|N.....~........................................................................................................................................H......*\....#J.H....3j.... ....I...(S.\...0c.I...8s.....@...J...H.*E....P.J.J...X.j....`..K...h.]...p..K...x........kE@.....+^....#K.L....3k.....C..M....S.^....c.M..f..s..........N.....+_.....K.N.....k........O......_..{....O..............(....h...&....6....F(..Vh..f...v.. .(.$.h.(...,...0.(.4.h.8.#.<...@.).D.i.H&..L6..PF).TVi.Xf..\v..`.).d.i.h...l...p.).t.i.x..|....*..j.&..6..F*.Vj.f..v...*.^...;

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 252

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):12629
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.923136784525462
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:YiZfhVaWKBBu4tFqn9nUWYX6fri7s4YXixdh/Hhe3:7NhVaWufZ6DiAbcpHM3
                                                                                                                                                                                                                                                                                      MD5:6E5EFCCDF748CC778BD48B9CD87F3782
                                                                                                                                                                                                                                                                                      SHA1:91BEB4CA03F00E8BE63261FC2F4D13DC538ED70F
                                                                                                                                                                                                                                                                                      SHA-256:FAD84EFA145FB507E5DF9B582FA01B1C4E6313DE7F72EBDD55726D92FA4DBF06
                                                                                                                                                                                                                                                                                      SHA-512:FAEEDDB69E0E2AB5EEFCEEB20C2BD3CAA03F2C0FA895DE8C9287FDB367D241AB0A8E4083145F642604CEF26DBE9211D4FCA8AA8F445638B2CA62F51F450784BF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:/**. * For jQuery versions less than 3.5.0, this replaces the jQuery.htmlPrefilter(). * function with one that fixes these security vulnerabilities while also. * retaining the pre-3.5.0 behavior where it's safe to do so.. * - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022. * - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023. *. * Additionally, for jQuery versions that do not have a jQuery.htmlPrefilter(). * function (1.x prior to 1.12 and 2.x prior to 2.2), this adds it, and. * extends the functions that need to call it to do so.. *. * Drupal core's jQuery version is 1.4.4, but jQuery Update can provide a. * different version, so this covers all versions between 1.4.4 and 3.4.1.. * The GitHub links in the code comments below link to jQuery 1.5 code, because. * 1.4.4 isn't on GitHub, but the referenced code didn't change from 1.4.4 to. * 1.5.. */..(function (jQuery) {.. // Parts of this backport differ by jQuery version.. var versionParts = jQuery.fn.jquer

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 253

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (19948), with no line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):19948
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.261902742187293
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65
                                                                                                                                                                                                                                                                                      MD5:EC18AF6D41F6F278B6AED3BDABFFA7BC
                                                                                                                                                                                                                                                                                      SHA1:62C9E2CAB76B888829F3C5335E91C320B22329AE
                                                                                                                                                                                                                                                                                      SHA-256:8A18D13015336BC184819A5A768447462202EF3105EC511BF42ED8304A7ED94F
                                                                                                                                                                                                                                                                                      SHA-512:669B0E9A545057ACBDD3B4C8D1D2811EAF4C776F679DA1083E591FF38AE7684467ABACEF5AF3D4AABD9FB7C335692DBCA0DEF63DDAC2CD28D8E14E95680C3511
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:!function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n||0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]]].join("")}},944:function(e){"use strict";var t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto)||"undefined"!=typeof msCrypto&&"function"==typeof window.msCrypto.getRandomValues&&msCrypto.getRandomValues.bind(msCrypto);if(t){var n=new Uint8Array(16);e.exports=function(){return t(n),n}}else{var r=new Array(16);e.exports=function(){for(var e,t=0;t<16;t++)0==(3&t)&&(e=4294967296*Math.random()),r[t]=e>>>((3&t)<<3)&255;return r}}},508:function(e,t,n){"use strict";var r=n(944),i=n(343);e.exports=function(e,t,n){var o=t&&n||0;"string"==typeof e&&(t="binary"===e?new Array(16):null,e=null);var a=(e=e||{}).random||(e.rng||r)();if(

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 254

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:GIF image data, version 89a, 1000 x 150
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):1401
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.742574755380128
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:g76e4OWpgfM/2lYJbJW5RZEsR/HaA/rilPfZkr/XjdZ6dmQDCEgDmv1+8:A6/Smbo5RZ9R/fHrpZ2pmEgG+8
                                                                                                                                                                                                                                                                                      MD5:B57D11F10694DCA7D9BC95C57643035C
                                                                                                                                                                                                                                                                                      SHA1:57F89EA59F701058EA0581D6BEEDA425F61BB104
                                                                                                                                                                                                                                                                                      SHA-256:C674A7D5A982B656A41668A286E8DC16C467643A1A500634D445363C661ACF1E
                                                                                                                                                                                                                                                                                      SHA-512:E1F4796F770D260DB805926B787736F4DA3AB90B63FEC6EE17A7ABBD9879FB18524E9FEE59321FD05A599C8F4FB9995CF2B03639B2692C152CD12F949093AF41
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/themes/freshmade/img/content-wrapper.gif
                                                                                                                                                                                                                                                                                      Preview:GIF89a.......................................................................................................!.......,..............A....(...E.5.d.x..|....pH,...r.l:..tJ.Z..v..z..C..)......H....AD2.T,.LF..................Cbdfhjlnp.rt%')+-/135...............egikmoq.s#.w.z.}...................v.y.|..................x.{...............U.S.`..)\........n.5....... C.|2q..j.}.e.'...0c.I.\......m..@...J.h....Y{..gK.P.J.J.(.(/.d....`..w..N..5.....p....0.E.[.n........t.J.k.+^....JS......3k.....7..M.t..Y..Vk...c...$a.M......P...+...+.".0Z.O.K.N.:............................x........n...(.C...[b.&........b.1(....v.U....r.x.u(.$..!{....,Jqb}..(.4......4.x`.<.)..>B8.HrX.vI6.d.Kf..T..e.Uf..uW...`..e.a.i.ic.x.l:.&.m.)'_o.i.q..|~.g...J...j(L.....%....h..V. m....x(.i..3i.............p.2..:.j............*..J.Y..h$..6.D..F+...Nkm...^...n..~+..kn........+....ko......../...+p...lp......./...?,...Olq.._.1..o....,..!.l.%.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 255

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:C source, ASCII text, with very long lines (10048)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):33942
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.420824700906275
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:3A3SoJzYSerlLT8RinZnSegg600C2dPY+:wz2lYRapSz00/VV
                                                                                                                                                                                                                                                                                      MD5:06ABD4EC6A766E0A177EFD5803FFE6BF
                                                                                                                                                                                                                                                                                      SHA1:DAD3E5FA534D733D545FAA610FF465D734C26B45
                                                                                                                                                                                                                                                                                      SHA-256:83E904817FA9444160092A7845FAEF6C6C2F2C8D1CB63267DF3FE93682FA8A14
                                                                                                                                                                                                                                                                                      SHA-512:39B50D8A0E9E52BA675E3F5C42DBE9F3B369EF958AB95E359E7FBE80D0648D28762417FCCD0D2DC929E9C2E2897950800820866CBD44B88B3E6F90943EE5CEF5
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://static.xx.fbcdn.net/rsrc.php/v3issO4/yc/l/en_US/YYUppJnv9Es.js
                                                                                                                                                                                                                                                                                      Preview:;/*FB_PKG_DELIM*/..__d("ManagedError",[],(function(a,b,c,d,e,f){a=function(a){babelHelpers.inheritsLoose(b,a);function b(b,c){var d;d=a.call(this,b!==null&&b!==void 0?b:"")||this;b!==null&&b!==void 0?d.message=b:d.message="";d.innerError=c;return d}return b}(babelHelpers.wrapNativeSuper(Error));f["default"]=a}),66);.__d("AssertionError",["ManagedError"],(function(a,b,c,d,e,f,g){a=function(a){babelHelpers.inheritsLoose(b,a);function b(b){return a.call(this,b)||this}return b}(c("ManagedError"));g["default"]=a}),98);.__d("Assert",["AssertionError","sprintf"],(function(a,b,c,d,e,f,g){function h(a,b){if(typeof a!=="boolean"||a===!1)throw new(c("AssertionError"))(b);return a}function i(a,b,d){var e;if(b===void 0)e="undefined";else if(b===null)e="null";else{var f=Object.prototype.toString.call(b);f=/\s(\w*)/.exec(f);e=f==null?typeof f:f[1].toLowerCase()}h(a.indexOf(e)!==-1,(f=d)!=null?f:c("sprintf")("Expression is of type %s, not %s",e,a));return b}function a(a,b,c){h(b instanceof a,(a=c)!=nu

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 256

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):1280
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.558054323600257
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:gqSNJ0c1sp7wQnkD5uWbno4F6mZ8VWYYPGMavRrx077matgyq:gL0iWTnmuWl9Z+AP5aJrxaVdq
                                                                                                                                                                                                                                                                                      MD5:5A708FEC880E7AF7052ED9DE366C9EAA
                                                                                                                                                                                                                                                                                      SHA1:64C13037B062062B9F342E019A963EB341BFC9E8
                                                                                                                                                                                                                                                                                      SHA-256:F0B8B3B1D6357BB1440CC5689519C97833550767634F0D0B35EA424F0712D00F
                                                                                                                                                                                                                                                                                      SHA-512:CECAB2EFD0E455B0CC4A8B43C5463A4D575BDDAC82F361A0AC96F58FD1A7EEDC8ADDB5EF79E8E8259D2D57676977561CA6F1D30C56A01928065399A9F6603407
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://scontent-msp1-1.xx.fbcdn.net/v/t39.30808-1/305658665_411128564497493_3948090867100769521_n.jpg?stp=cp0_dst-jpg_s50x50&_nc_cat=110&ccb=1-7&_nc_sid=6738e8&_nc_ohc=ILFttH4rPpYQ7kNvgEXQC67&_nc_ht=scontent-msp1-1.xx&edm=AEDRbFQEAAAA&_nc_gid=A4syIzp1y9Bx-a7cihdwta0&oh=00_AYA9WCkZOMo01cK7VhGgG8y9efecxW6MGJWI6xwYX39svg&oe=670A2166
                                                                                                                                                                                                                                                                                      Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6a010000c60100003a020000600200009a0200002b030000aa030000e00300000b0400004204000000050000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2..".........................................................................S=1"Z....*...\.b...{..avR.w.x...........?............................ ..3...............^].....G|.~.7.$.Ygx....6Ae'.~Z...T....U..O.,..,....77.X.~....R.....]G........................ 0........?..........................!0........?........*.......................!"1. aq.02Q.A............?..F..op.K..m=?.G.*a.J......(.....G.+...D..f.....RN.J9.b.......0..o.}sf.....q.x.Pa.A/.)q.~S*k.......$....................!1A.. Qa..q...........?!D..BlR$.$-...`.....^,./...op."h(86.d...u....e..!.....2..0...5... ......<.S.u(7.d...i.Yb.....D.f!.H..R..g..T....................<.O<.....<........................ !01........

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 257

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (7809)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):326935
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.569480325299542
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:p47RIGKlqXm5bMvO5K1x72Dej7sssFVVl2pd:i7RwUXm5TlO
                                                                                                                                                                                                                                                                                      MD5:F3017E6D1A27D9DB9D476357CCBDDF23
                                                                                                                                                                                                                                                                                      SHA1:7CB55002EC356FAD8F7FB274F6BB798C86E44E10
                                                                                                                                                                                                                                                                                      SHA-256:45F880D4C07A4E3D15D1F8584B3DF85C4C210F44FCD185006F5FD380CFFA5A49
                                                                                                                                                                                                                                                                                      SHA-512:5523F7644B1D32EB68FD13084FE060C8D077745D3813F41D7DD9D8E6DB056BBEF2CE67F01F4361209027E469EC5581BBAD650E4E41497A6F0039BF55DC03818B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":18,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regionValue":"","vtp_countryValue":"",

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 258

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2974
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.479836987832445
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:EgyBwMv6p5xvl16d7r3J9HW4cB7ALe//853L2DhPhmjNy3YuzaVHZ57qXvAapFyI:lyfv6Tpv6d7r5A4ctT3WCtPAp0YuzatM
                                                                                                                                                                                                                                                                                      MD5:CCEEBAD9BBB56917E310D1A7369F267B
                                                                                                                                                                                                                                                                                      SHA1:5866489ECB92B075184C24174D9A22EDC295B19D
                                                                                                                                                                                                                                                                                      SHA-256:1430F42C0D760BA8E05BB3762480502E541F654FEC5739EE40625AB22DC38C4F
                                                                                                                                                                                                                                                                                      SHA-512:8274447A72A9088A776AC2CC349C122647CE2B43BE8E9B9F36361A57091A025F8E621BB574F92A2799909DCFF0822D3D54379B1A9F32B7F4ACDB5D99EA075A0A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:./**. * jQuery Once Plugin v1.2. * http://plugins.jquery.com/project/once. *. * Dual licensed under the MIT and GPL licenses:. * http://www.opensource.org/licenses/mit-license.php. * http://www.gnu.org/licenses/gpl.html. */..(function ($) {. var cache = {}, uuid = 0;.. /**. * Filters elements by whether they have not yet been processed.. *. * @param id. * (Optional) If this is a string, then it will be used as the CSS class. * name that is applied to the elements for determining whether it has. * already been processed. The elements will get a class in the form of. * "id-processed".. *. * If the id parameter is a function, it will be passed off to the fn. * parameter and the id will become a unique identifier, represented as a. * number.. *. * When the id is neither a string or a function, it becomes a unique. * identifier, depicted as a number. The element's class will then be. * represented in the form of "jquery-once-#-processe

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 259

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:GIF image data, version 89a, 150 x 46
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):5195
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.715601612065373
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:hp0tBfCOclKkGirI52KKgeZ6ejIpRqZIptKy5t0s8BoflZMCyqDdB9kTYhf/qlwA:307CEirI55Amq0tKu0Mfzpy8dzSlw+IG
                                                                                                                                                                                                                                                                                      MD5:E9D15D0766121785DF8D5EDD850D7ECC
                                                                                                                                                                                                                                                                                      SHA1:798A48927037F5EEC1FEA05D1AD2519FEFE559AA
                                                                                                                                                                                                                                                                                      SHA-256:8F387CAA4B0E01F22A467BCC511CB045BCEA2E1DDFDEDE02EBA535D76AADBC1C
                                                                                                                                                                                                                                                                                      SHA-512:9D4113EFD214618B20E21620DB425DE8787591439B2F64AFF46313B48A63772E0CF90547C18F5C86EF2E7774F81E36A981FD6702148A04AD5E868F17C0CD7479
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/themes/freshmade/img/navigation.gif
                                                                                                                                                                                                                                                                                      Preview:GIF89a........m+.p..y6.x5.e$.l*.g&.s1.w4.q/.h&.j(.f%.o-.v3.n,.u3.t2.r0.i'.k).g%.i(.e#.x6.v4.t1.s0.h'.u2.w5.f$.d".y7.z8.t1.j).c!.b .x6.{8.i'.c".f%.u3.i(.{9.w5.b .b!.v3.|8.a .w4.k).k*.d".v4.e$.y7.r/.j).q..z8.t2.h'.q..|8.a!.e#.x5.p-.m,.g&.k*.y6.n+.f$.g%.b".{9.c!.r/.n,.l+.{7.|9.a!.l*.o-.j(.{8.s1.o,.z7.r0.q/.b!.o-.n-.u2.q0.n-.l+.s0.d#.c#.o,.q/.o..b".e$.{7.p-.h&.z6.t2.n,.m+.c#.k(.l*.r1.z6.n+.k).r0.t3.l).l).x5.z7.y5.i&.x4.c".w4.d$.e%.i'.g%.t0.m,.g$.q0.y5.m*.g'.p/.f&.w3.y6.i).i&.t3.p/.v4.v5.d$.k(.d#.v3.f%.p..w3.g$.m*.v2.i(.m+.f&.x4.o..d".p..l,.r1.e%.v2.d!.y7.t0.q..a .d#.c".s*.L..M.b!.z7.{8.|9.a ..........................................................................................................................................................................................!.......,............y..H......*\.......H....3j.... C.ta....(.A1.R.......6d...(..1...3n.$i.e.!P\......%......1..s.e..!EQ..9.J..Q.|.e....rf.Y.fJ..^Z.ee..N..`.....j..Hz2..!Lgt..Ul...Pd..S....Uz..4..:.'..3n._A

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 260

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):550
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.663624277891265
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:stFJOJj7VZIKaKrv+7M287Pu7P73/3grP73/3ReX47NFFEiA:s4JnbN+7H87Pu7P7v3AP7v3R447DFg
                                                                                                                                                                                                                                                                                      MD5:3FD6BF194FE0784421357BD19F77C161
                                                                                                                                                                                                                                                                                      SHA1:12CE76ACEBC9130FC7C25E9A14E6F2C7F38B0AD4
                                                                                                                                                                                                                                                                                      SHA-256:E3AD317A103B4271C6D00CB97957C0D8E0F5BFD6CDC74976D022DD526963ECDF
                                                                                                                                                                                                                                                                                      SHA-512:B9E21542F1A829AD5EF2FD7B616F6EDEF97DE75BCA3FABBE0AF703ABBBA5494303A1071B0C1554662DD282F9D6774F4A5C7814D5576C288B2214B863CBF703E2
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/modules/field/theme/field.css?s7978o
                                                                                                                                                                                                                                                                                      Preview:./* Field display */..field .field-label {. font-weight: bold;.}..field-label-inline .field-label,..field-label-inline .field-items {. float:left; /*LTR*/.}../* Form display */.form .field-multiple-table {. margin: 0;.}.form .field-multiple-table th.field-label {. padding-left: 0; /*LTR*/.}.form .field-multiple-table td.field-multiple-drag {. width: 30px;. padding-right: 0; /*LTR*/.}.form .field-multiple-table td.field-multiple-drag a.tabledrag-handle {. padding-right: .5em; /*LTR*/.}..form .field-add-more-submit {. margin: .5em 0 0;.}.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 261

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1140)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):1464
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.149208880585223
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:N0hJx3i749F8cBPfk2itw2N/G7y73Be7xYXAL8y73jncStFjy73X+8xYXAodYXQr:N0nx3YsF87ntw2Q7cBYxYQL8cjncsFjJ
                                                                                                                                                                                                                                                                                      MD5:B4CFA1D07F60EEBD4746A3941196BD67
                                                                                                                                                                                                                                                                                      SHA1:942EF6A5CC88258AAEB743A16847F1D09FED0E0E
                                                                                                                                                                                                                                                                                      SHA-256:D24A2E5DB8C476184F3F4B28FE5BE7CFD159C276D1F58AF244D72DE55D5DEE16
                                                                                                                                                                                                                                                                                      SHA-512:92B37DDB9062505222BF0EA74F94A1E0BCF017FAB20B2F6C6C508B668390965508EE06A591495F9D6A1510B2C17005D2E87A8413B9633052C8640DBA95FEE91A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/libraries/superfish/jquery.hoverIntent.minified.js?s7978o
                                                                                                                                                                                                                                                                                      Preview:/**.* hoverIntent r6 // 2011.02.26 // jQuery 1.5.1+.* <http://cherne.net/brian/resources/jquery.hoverIntent.html>.* .* @param f onMouseOver function || An object with configuration options.* @param g onMouseOut function || Nothing (use configuration options object).* @author Brian Cherne brian(at)cherne(dot)net.*/.(function($){$.fn.hoverIntent=function(f,g){var cfg={sensitivity:7,interval:100,timeout:0};cfg=$.extend(cfg,g?{over:f,out:g}:f);var cX,cY,pX,pY;var track=function(ev){cX=ev.pageX;cY=ev.pageY};var compare=function(ev,ob){ob.hoverIntent_t=clearTimeout(ob.hoverIntent_t);if((Math.abs(pX-cX)+Math.abs(pY-cY))<cfg.sensitivity){$(ob).unbind("mousemove",track);ob.hoverIntent_s=1;return cfg.over.apply(ob,[ev])}else{pX=cX;pY=cY;ob.hoverIntent_t=setTimeout(function(){compare(ev,ob)},cfg.interval)}};var delay=function(ev,ob){ob.hoverIntent_t=clearTimeout(ob.hoverIntent_t);ob.hoverIntent_s=0;return cfg.out.apply(ob,[ev])};var handleHover=function(e){var ev=jQuery.extend({},e);var o

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 262

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):875
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.781143340869334
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:YUFWLwhmwhEhVIwhdIrlkHw0hh1zMuAHHIwPIw6gIrW:YUMLwEwmhOwf6kHwKh1zWowgw6gv
                                                                                                                                                                                                                                                                                      MD5:B778F7368BFBFF79A3693D857A82B1A7
                                                                                                                                                                                                                                                                                      SHA1:F164D6A283E346AA581B8609F561B4606FD1B81F
                                                                                                                                                                                                                                                                                      SHA-256:5F21C9572EB4ACA5D25D08458D0D26CF5D8DAC5290A0F0B04C2B3F00A13DBD72
                                                                                                                                                                                                                                                                                      SHA-512:AA7E737AA6D386FBFE0ECB454481EA0472306AC2E078F5006489BFA35BC0B8F076DDF76F8219F5592381541C25D290C6C626AAB16DFD17A311F555C3CD29C951
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/modules/locale/locale.css?s7978o
                                                                                                                                                                                                                                                                                      Preview:..locale-untranslated {. font-style: normal;. text-decoration: line-through;.}..#locale-translation-filter-form .form-item-language,.#locale-translation-filter-form .form-item-translation,.#locale-translation-filter-form .form-item-group {. float: left; /* LTR */. padding-right: .8em; /* LTR */. margin: 0.1em;. /**. * In Opera 9, DOM elements with the property of "overflow: auto". * will partially hide its contents with unnecessary scrollbars when. * its immediate child is floated without an explicit width set.. */. width: 15em;.}.#locale-translation-filter-form .form-type-select select {. width: 100%;.}.#locale-translation-filter-form .form-actions {. float: left; /* LTR */. padding: 3ex 0 0 1em; /* LTR */.}..language-switcher-locale-session a.active {. color: #0062A0;.}..language-switcher-locale-session a.session-active {. color: #000000;.}.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 263

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:GIF image data, version 89a, 1000 x 46
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):3065
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.821719295775181
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:vvP2Jv9bsyIzgBFC6oxytPhfYaoWZmwWfJn2z0aL7NYf5GSyI5m/vLY4seSe7od2:vmJvGlJDnaoOmwT0aL7SB5mbY4s47ola
                                                                                                                                                                                                                                                                                      MD5:823C3ED75C038DD64A53916E6C8F91D1
                                                                                                                                                                                                                                                                                      SHA1:149050D6359AFFAC53D87A64210E53E71D58A608
                                                                                                                                                                                                                                                                                      SHA-256:BC6DA901C70977D77ECD68C065F75167D3E7A962073D5459198101237A60679A
                                                                                                                                                                                                                                                                                      SHA-512:3E21BF86B3013822B90D55D9E07748CBC8E0FEE4DFEA1E9FFDB00BC7E8334BF163A02F0A41514AEB7139B4E083C468FD2626DB1E4F717B5F7D03F047584A1BB8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/themes/freshmade/img/navigation-wrapper-2.gif
                                                                                                                                                                                                                                                                                      Preview:GIF89a........a).]..Z .f-.`&.r4.\!.` .x7.V..W..b".`".L.f%.^$.v4.t3.l*.[..v6.d$.f'.zB.s3.r0.H.^ .r*.p/.n-.t4.l,.f&.{8.s1.q2.\..j,.h(.o0.x7.j0.o-.\..p0.h*.j*.j..n,.g&.b$.j).h(.p0.Z..E.C.t5.s2.l,.l0.i*.n2.T..l1.d%.j'.^..h/.n1.g,.g,.G.k..K.n(.c$.c(.k..m..J.J.f(.u3.o2.a".F.v5.d).\".^".^#.d%.F.n..d&.^..r3.`!.yA.h*.b&.X..f+.j-.f+.f%.w6.m0..D.b#.Z!.`$.d*.j).[ .j1.d'.m(.z7.d(.o2.Z".^&.f&.h*.H.U..t2.h(.e*.e&.b(.` .`'.x5.p..j,.r4.X..q2.e*.\$.a$.^$.m2.d#.d,.a".X..t6.i..n3.w5.k'.V..i,.J.n0._ .V..Y..s2.g..h-.c#.p).a&.o3.c#.b%.u5.q/.l*.l/.k0.g).b%._".Y..y6.y7.q0.m,.`..e'.e%.a".] .]#.]#.Y .z8.z7.n/.b!.v6.m/.h0.n1.u6.r1.H.m..I.G.o/.|C.p4.l..a&.K.] .S..m1.U..H.Z!.i/.K.G.k*.S..^&.[#.n..v5.m..r3.X .i..l0.i+.s5.n/.g'.d'._#.e%.S..T..u3.Y..U..i).g'.c%.Z".a!.W .]&.q1.v3.p....!.......,................[.)R.-......8r..G....3j.... C..I...(S.\...0c.I...8s...'H...:.,..(.....4X0[..).J....Re.....`..K...h.]...!....)U...t.*&..-.L....4..6..Y-.Jk..p#K.L....3k...?..$.HE"...)..n...-a.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 264

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:assembler source, ASCII text, with very long lines (409)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):16643
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.145520964320989
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:2J/04JaciZGpJmCgeIeJl6fXOrqk9ynjUVeGifmMgAlvZB:jS0aJmCgntGrqkgnjUVTrAlBB
                                                                                                                                                                                                                                                                                      MD5:E6F48A86BB6B2DF8A9D364DD414453F7
                                                                                                                                                                                                                                                                                      SHA1:DE9D6BFC06C1681ACEDC37BDD554CDC9C8871A91
                                                                                                                                                                                                                                                                                      SHA-256:95E7874D126258D4ACE491AC2C2358FA12780F42A45C2050D730C45DD5B0D076
                                                                                                                                                                                                                                                                                      SHA-512:744F4FCE788287B47AEF3058A0DBFF4ED642436821FB76C28250AB6622DC9967A782AD9C329992A5ED12463E75A2A9E07F7453241C4D1ACD8FEDA8A25B9FBA9A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978o
                                                                                                                                                                                                                                                                                      Preview:/* .Template name: Freshmade Software.Template URI: http://templates.arcsin.se/freshmade-software-website-template/.Release date: 2009-06-21.Last updated: 2009-08-10.Description: A software company styled template in light colors of white, orange and brown..Author: Viktor Persson.Author URI: http://arcsin.se/..This template is licensed under a Creative Commons Attribution 2.5 License:.http://templates.arcsin.se/license/.*/.../* . Reset.------------------------------------------------------------------- */..html, body, div, span, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, code, del, dfn, em, img, q, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, textarea, input, select {margin: 0; padding: 0; border: 0; font-weight: inherit; font-style: inherit; font-size: 100%; font-family: inherit; vertical-align: baseline;}.table {border-collapse: collapse; border-spacing: 0;}.caption, th, td {text

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 265

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (327)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):507
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.35758988661724
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:zOp1mBBkdC4qYEruh/RwUHRLx6nCriLQ/:01ndCzOmUHBAnCGLo
                                                                                                                                                                                                                                                                                      MD5:759DF6E181340EF0A76A1BAB457EBB22
                                                                                                                                                                                                                                                                                      SHA1:2AFDFA1808428E97F7F8FAEA0624C8402956B04E
                                                                                                                                                                                                                                                                                      SHA-256:9E57FEDB96B3686621BCCD5521F43A2037A823C74F062176952890B179B3955B
                                                                                                                                                                                                                                                                                      SHA-512:2E20C1B3B445DD0B143DC636EAC9421454B1615A6CE0BE63AFA012E7571385F346F456B9FF25545FD90AE11DD08B23F03F36F2242C817855D26578FC9F5C94BA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js
                                                                                                                                                                                                                                                                                      Preview:;/*FB_PKG_DELIM*/../**. * License: https://www.facebook.com/legal/license/V9vdYColc4k/. */.__d("react-0.0.0",["React"],(function(a,b,c,d,e,f){"use strict";function a(a){return a&&typeof a==="object"&&"default"in a?a["default"]:a}var g=a(b("React"));d={};var h={exports:d};function i(){h.exports=g}var j=!1;function k(){j||(j=!0,i());return h.exports}function c(a){switch(a){case void 0:return k()}}e.exports=c}),null);.__d("react",["react-0.0.0"],(function(a,b,c,d,e,f){e.exports=b("react-0.0.0")()}),null);

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 266

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):24700
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.968528865651736
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:GHfwcaJBgSMmGgHQJggggIbMTD61ZbaneHs2A3LnHBApq2vx:5caJ9MmGg9cywneHhNvx
                                                                                                                                                                                                                                                                                      MD5:3A7C8CB6C41065D85F69EE094369914F
                                                                                                                                                                                                                                                                                      SHA1:D135A90F955A639B78C2715EAEED0E942DC97628
                                                                                                                                                                                                                                                                                      SHA-256:634C02A4972A052FF5A0A7FF0A2DDF218A74EC7A6357D5AD0596540A23151EAF
                                                                                                                                                                                                                                                                                      SHA-512:708099A2BF7488FD1941B2047EBA7FB568D8A867C9B26FC40BFBE55958837FC73109F4AF5E955D7ACBB15419F1FFA89C139C2D30FFBB9F8071CE47F80B925624
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:......JFIF......................................................................................................................................................h....".........................................]..........................."#..23CRT...$4BSbcst.....Dr.!5Qd.........Uu...%1AE..ae..6q.....&................................/........................."...2B.!#13AR4CQSs..............?..*...#..%..V...4...F...8X..../T....K....<...o0B..9.....mh....!.U[....F....L)B....9sJ.J..Ta......3.]...d............9.Q.I..$...}_..I.~...7...pl.ft..L1....c.1..bWm.....`......O.g6..._%C...*..`.......'2ff..S..f ...^....P.FvF.a../F..........I..H.\ {.^"J.c9.\..d3..d%....K.. B.....b,@.X... e...b.P... e...b.R..K..(K.-.(O$ B..$X..K.. B..E.....K@....b.P...".P..."fP... e.v"..B].....bB.!-.... B...B.I.l.....w....q..qt...d... .:...:Q.+..a.G...."G.uq.2...E.L.q/!...|..I.#./...6K..s.<G..pb..........]..h.~6....{.T......F..v2H..t..a.b..s.@...3$....#..g..p.sx...Z....yo...h...H\

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 267

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):564
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.747460255984302
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:nnljIwUb3LbvWtwbkQbzEOnbbLgZhb67qKXIIDtlh7JGXIIDGrvO:nt6bbb5bZbzEybb87b67qKXIM7YXI3r2
                                                                                                                                                                                                                                                                                      MD5:648EC873B4B9E80880653FBAE1F5B235
                                                                                                                                                                                                                                                                                      SHA1:2D39A14303D8D44ED1F76F7966222694F3CE8298
                                                                                                                                                                                                                                                                                      SHA-256:50F8D8E45F6742713A156C9FCF1B20D7C8C2DBDDC7C649B76EE377775C6C4B83
                                                                                                                                                                                                                                                                                      SHA-512:3AC801031E736239CDAE5C745A0E74B5B2CB4C4FE9AF2E08CEA7B52A2DF36EF6FF7012F45CF6982B7716379949E5A7AAF75A0C73BABE6F8D6A039AE221E29A52
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/modules/search/search.css?s7978o
                                                                                                                                                                                                                                                                                      Preview:..search-form {. margin-bottom: 1em;.}..search-form input {. margin-top: 0;. margin-bottom: 0;.}..search-results {. list-style: none;.}..search-results p {. margin-top: 0;.}..search-results .title {. font-size: 1.2em;.}..search-results li {. margin-bottom: 1em;.}..search-results .search-snippet-info {. padding-left: 1em; /* LTR */.}..search-results .search-info {. font-size: 0.85em;.}..search-advanced .criterion {. float: left; /* LTR */. margin-right: 2em; /* LTR */.}..search-advanced .action {. float: left; /* LTR */. clear: left; /* LTR */.}.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 268

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):5428
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.936047940083033
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:EzwJdf2RClyM4bErEAn+8PKcbPTJlJfKgMJINp0n+r:vJco4A+D+bKgYI5r
                                                                                                                                                                                                                                                                                      MD5:110CAA93C3FFF11BFABFE651D0135248
                                                                                                                                                                                                                                                                                      SHA1:58A68879EF48726396BA84D3AAFAE3034F53A58F
                                                                                                                                                                                                                                                                                      SHA-256:BF6028E15A460586C16ADB0210D268374501F60ECF36F11E554E2FFD089C636B
                                                                                                                                                                                                                                                                                      SHA-512:340B7F59340EFD8829D98EE33DBEE6A5767F1C7AC1836E2BDC8297A222750FEDA5AE4383523936E7DAD26B9AAEE368D968A70A6484B75D88D7236AFC1B36D16D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/modules/system/system.base.css?s7978o
                                                                                                                                                                                                                                                                                      Preview:./**. * @file. * Generic theme-independent base styles.. */../**. * Autocomplete.. *. * @see autocomplete.js. */./* Suggestion list */.#autocomplete {. border: 1px solid;. overflow: hidden;. position: absolute;. z-index: 100;.}.#autocomplete ul {. list-style: none;. list-style-image: none;. margin: 0;. padding: 0;.}.#autocomplete li {. background: #fff;. color: #000;. cursor: default;. white-space: pre;. zoom: 1; /* IE7 */.}./* Animated throbber */.html.js input.form-autocomplete {. background-image: url(../../misc/throbber-inactive.png);. background-position: 100% center; /* LTR */. background-repeat: no-repeat;.}.html.js input.throbbing {. background-image: url(../../misc/throbber-active.gif);. background-position: 100% center; /* LTR */.}../**. * Collapsible fieldsets.. *. * @see collapse.js. */.html.js fieldset.collapsed {. border-bottom-width: 0;. border-left-width: 0;. border-right-width: 0;. height: 1em;.}.html.js fieldset.collapsed .fieldset-wrapper {. di

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 269

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (6040)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):30864
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.484725023735489
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:7sh6SmlA0ucRJij8qvHT95OjvbNyWBtaAUByfOQHr:7xFRUfL9FmuyWQHr
                                                                                                                                                                                                                                                                                      MD5:652185512A0BA697E71BDE78546EEBCA
                                                                                                                                                                                                                                                                                      SHA1:C898644D7B83BA5F0CD62302ABA4396AB789C80E
                                                                                                                                                                                                                                                                                      SHA-256:D880B04EE876D56A2D46C98470697434FDE5B1F86473FFEF45BF381B39C3EDA9
                                                                                                                                                                                                                                                                                      SHA-512:870EC4B1AB299685EEFD4BDE2D183762C1D7788545C6FE675F8DC995048835DFFC02DD046A07F23F77E7B3948B0E86C06541F8ED5416B68CD749A8DA72D88597
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:;/*FB_PKG_DELIM*/..__d("BanzaiLogger",["cr:9989"],(function(a,b,c,d,e,f,g){function h(a){return{log:function(c,d){b("cr:9989").post("logger:"+c,d,a)},create:h}}a=h();c=a;g["default"]=c}),98);.__d("BehaviorsMixin",[],(function(a,b,c,d,e,f){var g=function(){function a(a){this.$1=a,this.$2=!1}var b=a.prototype;b.enable=function(){this.$2||(this.$2=!0,this.$1.enable())};b.disable=function(){this.$2&&(this.$2=!1,this.$1.disable())};return a}(),h=1;function i(a){a.__BEHAVIOR_ID||(a.__BEHAVIOR_ID=h++);return a.__BEHAVIOR_ID}a={enableBehavior:function(a){this._behaviors||(this._behaviors={});var b=i(a);this._behaviors[b]||(this._behaviors[b]=new g(new a(this)));this._behaviors[b].enable();return this},disableBehavior:function(a){if(this._behaviors){a=i(a);this._behaviors[a]&&this._behaviors[a].disable()}return this},enableBehaviors:function(a){a.forEach(this.enableBehavior,this);return this},destroyBehaviors:function(){if(this._behaviors){for(var a in this._behaviors)this._behaviors[a].disable

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 270

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (20634)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):356051
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.402439887651169
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:Wco7Fh5yDvd2yjEKLPGMZMg9bV4LG77jzfw+1f8/:Wrv8Dvd0KLPGMZZ9bVF7w+1f8/
                                                                                                                                                                                                                                                                                      MD5:05CC55C147DF1E4C8330D3EC129B810C
                                                                                                                                                                                                                                                                                      SHA1:11817889226C1D7884AD7A8E3FDEAEF901EAFF02
                                                                                                                                                                                                                                                                                      SHA-256:4157ED2EFB6E1795A1E2014CBE26C2FC97E9749491168AF2282E066F6BBAEB49
                                                                                                                                                                                                                                                                                      SHA-512:A8B1248AD466459576246CE0EB91A8778B715A831E48BDF82E4D9FA537695BE8E7705B9CD033B30A7D6CD3391234C4C04A82ECCF0750D3BB6DE021F4BA2428DB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:;/*FB_PKG_DELIM*/.."use strict";(function(){var a=typeof globalThis!=="undefined"&&globalThis||typeof self!=="undefined"&&self||typeof global!=="undefined"&&global;if(typeof a.AbortController!=="undefined")return;var b=function(){function a(){this.__listeners=new Map()}a.prototype=Object.create(Object.prototype);a.prototype.addEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();d.has(e)||d.set(e,new Map());var f=d.get(e);f.has(b)||f.set(b,c)};a.prototype.removeEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();if(d.has(e)){var f=d.get(e);f.has(b)&&f["delete"](b)}};a.prototype.dispatchEvent=function(a){if

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 271

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:GIF image data, version 89a, 1000 x 150
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):3177
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.861822696478367
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:4440qQpzKB5Q6jZHcyTh2XH/PjMy/QKcLhi4g1+c:AkKB5Q6bT83/rMjKybc
                                                                                                                                                                                                                                                                                      MD5:C7707375A6FC42E32A1488B6A247EB1C
                                                                                                                                                                                                                                                                                      SHA1:83E07332FEC68EAE216FC89BEDCE0E48E8171BF8
                                                                                                                                                                                                                                                                                      SHA-256:E5C66A147E466DAFACB77615095AE68CF5DBF73D6B40159A021A728839795ED9
                                                                                                                                                                                                                                                                                      SHA-512:72957613DEB1DA5A0D4F47EF6249A13C3EE27232842EB6ED326AE30C70F5B3FA3B6497D1CC61C4EB910553FC52DC1FD5E424F25D32E13FADEFB3E12BC1916368
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/themes/freshmade/img/footer-wrapper.gif
                                                                                                                                                                                                                                                                                      Preview:GIF89a.......................................................................................................!.......,........... !.....P(.@..4.f.x..|....pH,...r.l:..tJ.Z..v..z.BG..@@.....:.F...R.\0...................Cbdfhjl.n.pr%')+-/135...............egikm.o.q#.u.x.{..................t.w.z................s.v.y...............re...W6}..*\..Cp........w..=.... C6.....|.a.'...0c..F.4..R^..l..@....f4........P.J%jtbR..W.....`.U5I..R...]...FcoV$....x....wI\.8.^4.......{2.Y.[.K.L.rL.e...z...C..|....S.^....X.6mM....^...0.........f..+_.<Gq.Y.7.N.......w..c.......\........a....s....+........8...m'...&......sTc.....Vh.(.j7..v.a..JH.$.hb.!...,..".).g.4..b....'....@.Y....i...i .L6Y...:)..A9".Xfy..+j..q9#.d....f..&bh...n...t...3%.e..W...3....$h..&...6.(>.>*..DJ.&ci..v....**.w.c.`..W...O..Z..z9.j...*.Y...#........k......D$.....l..>;m....{m...m...m..v:n..Rzn..6.n....n...9o...yo....o..k.o..K9p...yp...p....p....k...)b..w.....l!.".. .&.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 272

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):3415
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.7320912976466625
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:8x92YTc7OfmmoRQ91aXgFCj8kBDfUB35FjY6v5xCTque+ac:1Y+iJucA8OD8BJFjYLTque+ac
                                                                                                                                                                                                                                                                                      MD5:73CC1B4B47E9A54A3732CFC8D09BF2B0
                                                                                                                                                                                                                                                                                      SHA1:9B94000F047EFBF2C40E686432651303F2666375
                                                                                                                                                                                                                                                                                      SHA-256:C54103BA57EE210CA55C052E70415402707548A4E6A68DD6EFB3895019BEE392
                                                                                                                                                                                                                                                                                      SHA-512:FE7796B87610CABC4E52E4CD3D2DE5E552A8AC2D042BC52068CFA5B4EC7DB78AF343E7C7AF5B72606195168608335BEFD058F84BD1EB6BE6D03DD3309548ABA3
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/misc/jquery-extend-3.4.0.js?v=1.4.4
                                                                                                                                                                                                                                                                                      Preview:/**. * For jQuery versions less than 3.4.0, this replaces the jQuery.extend. * function with the one from jQuery 3.4.0, slightly modified (documented. * below) to be compatible with older jQuery versions and browsers.. *. * This provides the Object.prototype pollution vulnerability fix to Drupal. * installations running older jQuery versions, including the versions shipped. * with Drupal core and https://www.drupal.org/project/jquery_update.. *. * @see https://github.com/jquery/jquery/pull/4333. */..(function (jQuery) {..// Do not override jQuery.extend() if the jQuery version is already >=3.4.0..var versionParts = jQuery.fn.jquery.split('.');.var majorVersion = parseInt(versionParts[0]);.var minorVersion = parseInt(versionParts[1]);.var patchVersion = parseInt(versionParts[2]);.var isPreReleaseVersion = (patchVersion.toString() !== versionParts[2]);.if (. (majorVersion > 3) ||. (majorVersion === 3 && minorVersion > 4) ||. (majorVersion === 3 && minorVersion === 4 && patchVersion >

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 273

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):3711
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.974325821662646
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:lUngw3bxjqmP3dFEnHCr6OFNH5PM9Or7l5XM5SMCzE9EqwaDZ:lUnguv3dFEnHCrfZ0g73XMEXM
                                                                                                                                                                                                                                                                                      MD5:1BC1DE873E1CA018D2C42DA789344283
                                                                                                                                                                                                                                                                                      SHA1:0CC47A02B7AC52EE7ACA12E71AD1671E67A3CE74
                                                                                                                                                                                                                                                                                      SHA-256:FF7750952A601DBF03688B01A2ECED6E5671A8335393EB063201BB732F12C99A
                                                                                                                                                                                                                                                                                      SHA-512:5BD0BD3DFF097E566823D76EBDEAE61E476658010EDE35338C0E7B2317C6D00F764BB6007BA8EC4793257B5D97B9850EF9695ECC1B4FFDEEAC6D0C8F789FF3FE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/modules/system/system.theme.css?s7978o
                                                                                                                                                                                                                                                                                      Preview:./**. * @file. * Basic styling for common markup.. */../**. * HTML elements.. */.fieldset {. margin-bottom: 1em;. padding: 0.5em;.}.form {. margin: 0;. padding: 0;.}.hr {. border: 1px solid gray;. height: 1px;.}.img {. border: 0;.}.table {. border-collapse: collapse;.}.th {. border-bottom: 3px solid #ccc;. padding-right: 1em; /* LTR */. text-align: left; /* LTR */.}.tbody {. border-top: 1px solid #ccc;.}.tr.even,.tr.odd {. background-color: #eee;. border-bottom: 1px solid #ccc;. padding: 0.1em 0.6em;.}../**. * Markup generated by theme_tablesort_indicator().. */.th.active img {. display: inline;.}.td.active {. background-color: #ddd;.}../**. * Markup generated by theme_item_list().. */..item-list .title {. font-weight: bold;.}..item-list ul {. margin: 0 0 0.75em 0;. padding: 0;.}..item-list ul li {. margin: 0 0 0.25em 1.5em; /* LTR */. padding: 0;.}../**. * Markup generated by Form API.. */..form-item,..form-actions {. margin-top: 1em;. margin-bottom: 1em;.}.tr.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 274

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (4279)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):21291
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.288905059972398
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:ipHRPJETkBuLiUHkixlTss/A0S8H07+5FveG/X:i5RPSTkBZ7qNss4aHRX/X
                                                                                                                                                                                                                                                                                      MD5:C69E2C3AA2A6B2F19EB69AAD70610D8F
                                                                                                                                                                                                                                                                                      SHA1:1F70EE133853044D499C32437CB2A905E9C7CDD4
                                                                                                                                                                                                                                                                                      SHA-256:63204EF96AB73682D1C902484DED35CABDF6E840F8E386B4B8F621D51A31A306
                                                                                                                                                                                                                                                                                      SHA-512:F3A82CA0A6F5607201E887645196FA6BE6BF8C89E1C64F0F27CD2A4E2E11E46AF43A8BA950E29E645CD0A241A7D78B72B7886197485BE09B8A08E20FA30E545F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:"https://static.xx.fbcdn.net/rsrc.php/v3/yK/l/0,cross/O0Uz2Q0jyKe.css"
                                                                                                                                                                                                                                                                                      Preview:...._42ft{cursor:pointer;display:inline-block;text-decoration:none;white-space:nowrap}._42ft:hover{text-decoration:none}._42ft+._42ft{margin-left:4px}._42fr,._42fs{cursor:default}._afhc{clip:rect(1px, 1px, 1px, 1px);height:1px;overflow:hidden;position:absolute;white-space:nowrap;width:1px}.._2agf{word-wrap:normal}._2agf._4o_4{display:inline-flex}._55pe{display:inline-block;overflow:hidden;text-overflow:ellipsis;vertical-align:top;white-space:nowrap}.html{touch-action:manipulation}body{background:#fff;color:#1c1e21;direction:ltr;line-height:1.34;margin:0;padding:0;unicode-bidi:embed}body,button,input,label,select,td,textarea{font-family:Helvetica, Arial, sans-serif;font-size:12px}h1,h2,h3,h4,h5,h6{color:#1c1e21;font-size:13px;font-weight:600;margin:0;padding:0}h1{font-size:14px}h4,h5,h6{font-size:12px}p{margin:1em 0}b,strong{font-weight:600}a{color:#385898;cursor:pointer;text-decoration:none}button{margin:0}a:hover{text-decoration:underline}img{border:0}td,td.label{text-align:left}dd{co

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 275

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):1182
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.799558367525683
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:o/dIhItLhItykhItau0p3hItphItCqhItE1Fk9FBzCVCpCBCv9c7hItCZzCrCDcz:/hohpkhp3hOhYht1aWwMEVmhvZWOFhva
                                                                                                                                                                                                                                                                                      MD5:454B08300D231A27AA45ED7EA2EF086A
                                                                                                                                                                                                                                                                                      SHA1:D9ED4CB070B35D877EE0AC3A1A4B6CA1231784E5
                                                                                                                                                                                                                                                                                      SHA-256:17B33CCC1616149FD272AE8141EBA639100265B56B04E720AFA0035C72E19FB6
                                                                                                                                                                                                                                                                                      SHA-512:35F009B1BD22A3206B16C95D048C79DD23A9D1B175C762CB27627A60E0EE1BC70A0C29FD0CC2C516BDEFE21CC04699DCCE4AAEFC7643914052B7470125A2E3D5
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/libraries/superfish/style/coffee.css?s7978o
                                                                                                                                                                                                                                                                                      Preview:.sf-menu {. margin-bottom: 0;. line-height: 1.5;.}.#navigation .sf-menu > li, #navigation .sf-menu > li:hover,.#navigation .sf-menu > li:active, #navigation sf-menu > li:visited,.#navigation .sf-menu > li:focus, #navigation .sf-menu > li.sfHover {. background: none;.}.#navigation .sf-menu > li > a {. border: none;. font-size: 14px;. text-decoration: none;.}..sf-menu > li > a:hover {. border: none;. text-decoration: none;.}./*.sf-menu li li, .sf-menu li li:visited, .sf-menu li li:focus,..sf-menu li li:active {. background-color: #c37a37;.}*/.#navigation li, #navigation li:visited, #navigation li:focus,.#navigation li:active {. background-color: #c37a37;.}.#navigation .sf-menu li li:hover {. background-color: #e2944f;.}..sf-menu li:hover ul, .sf-menu li.sfHover ul {. width: 150px;. top: 3.5em;.}.#navigation .sf-menu li li a {. border-top: 1px solid #ddd;. background: none;. font-size: 14px;. font-weight: normal;. padding: 4px 12px;. text-decoration: none;.}..sf-menu a:

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 276

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (820)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):78601
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.385907842723292
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:oqD4uWibfmaWWfiw7u/m9LofuENlx9TV6Z+T3VopklvQDPj10XQjdA4+9j:opzYf/t9s5vQD6X2dA4+9j
                                                                                                                                                                                                                                                                                      MD5:73A9C334C5CA71D70D092B42064F6476
                                                                                                                                                                                                                                                                                      SHA1:B75990598EE8D3895448ED9D08726AF63109F842
                                                                                                                                                                                                                                                                                      SHA-256:517364F2D45162FB5037437B5B6CB953D00D9B2B3B79BA87D9FE57EA6EE6070C
                                                                                                                                                                                                                                                                                      SHA-512:B5C7B19A6D0F05CFA33A7F54C1B8075698D922578429789FD4C0A4CE035F563857283C7062E9AB08EC61679B486971F3D83A44135E217E3167E49FADA5A1520A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:/*!. * jQuery JavaScript Library v1.4.4. * http://jquery.com/. *. * Copyright 2010, John Resig. * Dual licensed under the MIT or GPL Version 2 licenses.. * http://jquery.org/license. *. * Includes Sizzle.js. * http://sizzlejs.com/. * Copyright 2010, The Dojo Foundation. * Released under the MIT, BSD, and GPL Licenses.. *. * Date: Thu Nov 11 19:04:53 2010 -0500. */.(function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof h==="function")h=.h.events;if(!(a.liveFired===this||!h||!h.live||a.button&&a.type==="click")){if(a.namespace)A=RegExp("(^|\\.)"+a.namespace.s

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 277

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):1445
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.222272418368196
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:02iabE/WNfjHcOJh6TtD0uAkAceavnCwqI0AkaAs1SCaVAW7aJA8aW2A2Pqynn:0nabJfjHcy6TtD0uAkAvavnwJAkaAsEd
                                                                                                                                                                                                                                                                                      MD5:1E4A604298B742D7B2D15135A6804A39
                                                                                                                                                                                                                                                                                      SHA1:0276DA0BD1BBBD479287018DBBEDC2F7A500ACDF
                                                                                                                                                                                                                                                                                      SHA-256:47BD42ADD62E3C51CF35F0CEE531AD5E7F9BEE8A309456174E672726E96630E6
                                                                                                                                                                                                                                                                                      SHA-512:3CCDB4E12838DD7E9DDDC92EBCBBA10BF71628840B42EDF202748ECFE856FBC0FE7C45F321F8996D787ECCE76E1B849EE181EB201464D55C85EB613653B0FF9F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/modules/superfish/superfish.js?s7978o
                                                                                                                                                                                                                                                                                      Preview:/**. * @file. * The Superfish Drupal Behavior to apply the Superfish jQuery plugin to lists.. */..(function ($) {. Drupal.behaviors.superfish = {. attach: function (context, settings) {. // Take a look at each list to apply Superfish to.. $.each(settings.superfish || {}, function(index, options) {. // Process all Superfish lists.. $('#superfish-' + options.id, context).once('superfish', function() {. var list = $(this);.. // Check if we are to apply the Supersubs plug-in to it.. if (options.plugins || false) {. if (options.plugins.supersubs || false) {. list.supersubs(options.plugins.supersubs);. }. }.. // Apply Superfish to the list.. list.superfish(options.sf);.. // Check if we are to apply any other plug-in to it.. if (options.plugins || false) {. if (options.plugins.touchscreen || false) {. list.sftouchscreen(options.plugins.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 278

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 24 x 12, 4-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):210
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.305873369443647
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:6v/lhP0jTPBPjnGe+KkVwpNFu6rOMi8cuBp:6v/7MJPjVxceNjrz9v
                                                                                                                                                                                                                                                                                      MD5:CDF92E329CC12FA614A9B706250D8498
                                                                                                                                                                                                                                                                                      SHA1:D19753E0424B36D45A23360921C615F54FE59375
                                                                                                                                                                                                                                                                                      SHA-256:57EA54A19A47DC49BF624211F8827A5686BAB98DC994FE9762CFAD1ED332FFEA
                                                                                                                                                                                                                                                                                      SHA-512:DD4F74B340F5B14DE1FF570B87C44EAB811FAA90311F01FD3CC4BDD722FD30DDDADCA4BD55482031AF6512493C07A17409D7474C7B2D08B2D422162756298A4F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/modules/languageicons/flags/en.png
                                                                                                                                                                                                                                                                                      Preview:.PNG........IHDR...............`F...'PLTE.$}.=.&E...+.Pb.fv.....................v&....gIFg....|Y.S...VIDAT..c.<.......1.!...r...`Ba.5..K..l.a...bs0.`..P9(...z..m.......fk0..&...x.`i.s.<...1%.*.s....IEND.B`.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 279

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 526x395, components 3
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):15587
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.909017222369387
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:iCD636NduDIjWRkc+jFPg3Qv5/enSG4zNy+odUWjGFcD/:ihDajFPP1Z/TWdD/
                                                                                                                                                                                                                                                                                      MD5:DFEA772D79B28452A349AD194D1F0382
                                                                                                                                                                                                                                                                                      SHA1:D46CE9E26D2E5A13672208B36F3EF48F5CDA28D1
                                                                                                                                                                                                                                                                                      SHA-256:2043B6F916C8A953A361D41B48D95B119158D7536C34BE9FF67277B441C7DABE
                                                                                                                                                                                                                                                                                      SHA-512:EC509FF7AF9C67881541D6B923767EE9E678D9F05FF867986D60ED1116FD43B821B972BD0C462181C52DCB7E588C1B82E0D94E3A8B98E24D25CE8E94056AE8D3
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://scontent-msp1-1.xx.fbcdn.net/v/t39.30808-6/303280254_411128561164160_6605626465690304584_n.jpg?stp=dst-jpg_s526x395&_nc_cat=106&ccb=1-7&_nc_sid=4cb600&_nc_ohc=1I2yrbFI2LYQ7kNvgEsGWmR&_nc_ht=scontent-msp1-1.xx&edm=AEDRbFQEAAAA&_nc_gid=A4syIzp1y9Bx-a7cihdwta0&oh=00_AYCdJGOufY8qZigevwZ9U0PHjEqRvLbmQ_sPWeanTh1Z5w&oe=670A27D3
                                                                                                                                                                                                                                                                                      Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f0100002c080000390f00001e10000029110000e618000038230000da250000c5260000ce270000e33c0000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."..............................................................................P......................................................................................T.....................13j..OF:r3.B.17e...g....B.%.@B.. .,PB.. ......B.y..4w....tC.|..j.......p..<.y....K... .`.PX..R..(.E.a@@.,..............[.+Fw...g...={8..H..../G... ........`...T.,............;5zr.+FW..4...g,'.....>..9...q...t`...........,.....%.x...........&&w........\/?{....h..K...X..@..................o..v.."LFH5s..'...,:..i.x~`.^....*T....R..........T......A..v.Gc.*2b2.{i..{21..s.O..u09....{....................(..%..........N.d.f.$..L.M._..i.u.=./f'$.5(.AR.T..aPP...@. !H,....j...Sv.[.3bg9.......F;...t

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 280

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (327)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):507
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.35758988661724
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:zOp1mBBkdC4qYEruh/RwUHRLx6nCriLQ/:01ndCzOmUHBAnCGLo
                                                                                                                                                                                                                                                                                      MD5:759DF6E181340EF0A76A1BAB457EBB22
                                                                                                                                                                                                                                                                                      SHA1:2AFDFA1808428E97F7F8FAEA0624C8402956B04E
                                                                                                                                                                                                                                                                                      SHA-256:9E57FEDB96B3686621BCCD5521F43A2037A823C74F062176952890B179B3955B
                                                                                                                                                                                                                                                                                      SHA-512:2E20C1B3B445DD0B143DC636EAC9421454B1615A6CE0BE63AFA012E7571385F346F456B9FF25545FD90AE11DD08B23F03F36F2242C817855D26578FC9F5C94BA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:;/*FB_PKG_DELIM*/../**. * License: https://www.facebook.com/legal/license/V9vdYColc4k/. */.__d("react-0.0.0",["React"],(function(a,b,c,d,e,f){"use strict";function a(a){return a&&typeof a==="object"&&"default"in a?a["default"]:a}var g=a(b("React"));d={};var h={exports:d};function i(){h.exports=g}var j=!1;function k(){j||(j=!0,i());return h.exports}function c(a){switch(a){case void 0:return k()}}e.exports=c}),null);.__d("react",["react-0.0.0"],(function(a,b,c,d,e,f){e.exports=b("react-0.0.0")()}),null);

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 281

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:C source, ASCII text, with very long lines (10048)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):33942
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.420824700906275
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:3A3SoJzYSerlLT8RinZnSegg600C2dPY+:wz2lYRapSz00/VV
                                                                                                                                                                                                                                                                                      MD5:06ABD4EC6A766E0A177EFD5803FFE6BF
                                                                                                                                                                                                                                                                                      SHA1:DAD3E5FA534D733D545FAA610FF465D734C26B45
                                                                                                                                                                                                                                                                                      SHA-256:83E904817FA9444160092A7845FAEF6C6C2F2C8D1CB63267DF3FE93682FA8A14
                                                                                                                                                                                                                                                                                      SHA-512:39B50D8A0E9E52BA675E3F5C42DBE9F3B369EF958AB95E359E7FBE80D0648D28762417FCCD0D2DC929E9C2E2897950800820866CBD44B88B3E6F90943EE5CEF5
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:;/*FB_PKG_DELIM*/..__d("ManagedError",[],(function(a,b,c,d,e,f){a=function(a){babelHelpers.inheritsLoose(b,a);function b(b,c){var d;d=a.call(this,b!==null&&b!==void 0?b:"")||this;b!==null&&b!==void 0?d.message=b:d.message="";d.innerError=c;return d}return b}(babelHelpers.wrapNativeSuper(Error));f["default"]=a}),66);.__d("AssertionError",["ManagedError"],(function(a,b,c,d,e,f,g){a=function(a){babelHelpers.inheritsLoose(b,a);function b(b){return a.call(this,b)||this}return b}(c("ManagedError"));g["default"]=a}),98);.__d("Assert",["AssertionError","sprintf"],(function(a,b,c,d,e,f,g){function h(a,b){if(typeof a!=="boolean"||a===!1)throw new(c("AssertionError"))(b);return a}function i(a,b,d){var e;if(b===void 0)e="undefined";else if(b===null)e="null";else{var f=Object.prototype.toString.call(b);f=/\s(\w*)/.exec(f);e=f==null?typeof f:f[1].toLowerCase()}h(a.indexOf(e)!==-1,(f=d)!=null?f:c("sprintf")("Expression is of type %s, not %s",e,a));return b}function a(a,b,c){h(b instanceof a,(a=c)!=nu

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 282

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1445
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.222272418368196
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:02iabE/WNfjHcOJh6TtD0uAkAceavnCwqI0AkaAs1SCaVAW7aJA8aW2A2Pqynn:0nabJfjHcy6TtD0uAkAvavnwJAkaAsEd
                                                                                                                                                                                                                                                                                      MD5:1E4A604298B742D7B2D15135A6804A39
                                                                                                                                                                                                                                                                                      SHA1:0276DA0BD1BBBD479287018DBBEDC2F7A500ACDF
                                                                                                                                                                                                                                                                                      SHA-256:47BD42ADD62E3C51CF35F0CEE531AD5E7F9BEE8A309456174E672726E96630E6
                                                                                                                                                                                                                                                                                      SHA-512:3CCDB4E12838DD7E9DDDC92EBCBBA10BF71628840B42EDF202748ECFE856FBC0FE7C45F321F8996D787ECCE76E1B849EE181EB201464D55C85EB613653B0FF9F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:/**. * @file. * The Superfish Drupal Behavior to apply the Superfish jQuery plugin to lists.. */..(function ($) {. Drupal.behaviors.superfish = {. attach: function (context, settings) {. // Take a look at each list to apply Superfish to.. $.each(settings.superfish || {}, function(index, options) {. // Process all Superfish lists.. $('#superfish-' + options.id, context).once('superfish', function() {. var list = $(this);.. // Check if we are to apply the Supersubs plug-in to it.. if (options.plugins || false) {. if (options.plugins.supersubs || false) {. list.supersubs(options.plugins.supersubs);. }. }.. // Apply Superfish to the list.. list.superfish(options.sf);.. // Check if we are to apply any other plug-in to it.. if (options.plugins || false) {. if (options.plugins.touchscreen || false) {. list.sftouchscreen(options.plugins.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 283

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:GIF image data, version 89a, 150 x 130
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):800
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.500898930564036
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:V3deBvJhxfv+7ESeL+u297muT2mJG6gnWjhLWIzBUf:Vmxh47kL3Y7fT2mb5dUf
                                                                                                                                                                                                                                                                                      MD5:B7CFF17978B53B7954F3043C7C2CCD32
                                                                                                                                                                                                                                                                                      SHA1:DB10A3F6C180DBBA72D3CCEB07BE84A2169A2521
                                                                                                                                                                                                                                                                                      SHA-256:9DF6DB008186A76547C58D18169FA420D3675F0FC9313125E5C45C4E8025432B
                                                                                                                                                                                                                                                                                      SHA-512:73D1C4F45B49CC8F7341200FFA81BFAEC3F8D5D751C7DD9AF9CF1EB6F59902BB34168C565E6EFCC1AC4B10F71E32B89B6F735CBD8CCE124719AD733662186E2F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:GIF89a.......''')))***...+++(((,,,---000///111222333.........!.......,.............I..8...`(.di.h..l.p,.tm.x..|....pH,...r.l:...3@.Z..v..z..xL....z.n...|N.....~........................................................................................................................................H......*\....#J.H....3j.... ....I...(S.\...0c.I...8s.....@...J...H.*E....P.J.J...X.j....`..K...h.]...p..K...x........kE@.....+^....#K.L....3k.....C..M....S.^....c.M..f..s..........N.....+_.....K.N.....k........O......_..{....O..............(....h...&....6....F(..Vh..f...v.. .(.$.h.(...,...0.(.4.h.8.#.<...@.).D.i.H&..L6..PF).TVi.Xf..\v..`.).d.i.h...l...p.).t.i.x..|....*..j.&..6..F*.Vj.f..v...*.^...;

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 284

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1150
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.278152832319807
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:H1bhIFarvMy3fhG6twikbauHcpZ62LWaVy1DxBBl2XP3LKQGUZUJTf:VtrvMQDwJWu8a2vy1DxD0frGUZUJTf
                                                                                                                                                                                                                                                                                      MD5:1973F711F31AB1F7610147CD152A6257
                                                                                                                                                                                                                                                                                      SHA1:1214DBB562B29CC1C9D4F83033FCDDA2E230A347
                                                                                                                                                                                                                                                                                      SHA-256:96DDD72A3C68D3390823E8246494C5305D61F884C4E27A78F72185DAA5BF9810
                                                                                                                                                                                                                                                                                      SHA-512:B8E2708348A3E898CC7B869CD69C78387E3274549DC97025D88884568BA5D8897DBDF9ACE1378079E396BE13374A7DDA5448372AFBECB5DDCCC276BD19252A36
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:............ .h.......(....... ..... .............................kkm.jkn.....qje.jqxqYu..Ov..Ov..Yu..jqxqqje.....jkn.kkm.....kkm.jkn.....lorcEw...r...j...f...f...j...r..Ew..lorc....jkn.kkm.kkn.....hqz.(x...e...Z...[..._...`...[...Z...e..(x..hqz.....kkn.....lor`'z...f...u...........n...l...........u...f..'z..lor`....qjd.Fz...k...t..)...<UM.;_Z.........:`].;TL.)....t...k..Gz..qjd.jqxm.}...g......4...>+".A@3.!.......@D8.>*!.4........g...}..jqxm[z...z...l......7...F?9.GPG.-...+...GSL.G>7.7........l...z..[z..j........r......8...OHA.KQO.Luq.Kws.KRP.OH@.8........r......j...x...<...1...&...O...b]X.[``.\TQ.\SP.[`_.b^X.O...&...1...<...x......Q...K...O...{...........y...x...........z...O...K...Q..........wo...^...`...............w...s...............`...^...o......w........v...t...................................t...v..................l...................................................l.................................................................................s.........................

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 285

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):20611
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.877897624550885
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:Xt4QnBjP5i8UVpo3H3r52y34ZIrNx6t1QSWK/0+MgZTd/u7v/TfRJ:XhziXVpo3H3r523v0gpd/2T7
                                                                                                                                                                                                                                                                                      MD5:2B587BB02819D09AB40485D88CA645C4
                                                                                                                                                                                                                                                                                      SHA1:914380FC5158927571583763A00DCD2CE22A3D97
                                                                                                                                                                                                                                                                                      SHA-256:9A1BBCECC783930543E61805D08CFDDAA643C1A6309D1B3A9E3216961B75DEDE
                                                                                                                                                                                                                                                                                      SHA-512:B829A4394924844065004D98AB3153C9E30660F99D36202F35D10847029F8CFA1F9B0B6D945A84D64C0DF93D72AB043D4D8D425A7AABEE71D0CF3776CC767060
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/misc/drupal.js?s7978o
                                                                                                                                                                                                                                                                                      Preview:.var Drupal = Drupal || { 'settings': {}, 'behaviors': {}, 'locale': {} };..// Allow other JavaScript libraries to use $..jQuery.noConflict();..(function ($) {../**. * Override jQuery.fn.init to guard against XSS attacks.. *. * See http://bugs.jquery.com/ticket/9521. */.var jquery_init = $.fn.init;.$.fn.init = function (selector, context, rootjQuery) {. // If the string contains a "#" before a "<", treat it as invalid HTML.. if (selector && typeof selector === 'string') {. var hash_position = selector.indexOf('#');. if (hash_position >= 0) {. var bracket_position = selector.indexOf('<');. if (bracket_position > hash_position) {. throw 'Syntax error, unrecognized expression: ' + selector;. }. }. }. return jquery_init.call(this, selector, context, rootjQuery);.};.$.fn.init.prototype = jquery_init.prototype;../**. * Pre-filter Ajax requests to guard against XSS attacks.. *. * See https://github.com/jquery/jquery/issues/2432. */.if ($.ajaxPrefilter) {. /

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 286

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):3778
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.665598890662172
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:5JxM2vOXmQgL5ZkivCXOtyziX+nXRdnk+:/W2vOXmQgL5Z5QiAXRdnf
                                                                                                                                                                                                                                                                                      MD5:5C711DED2CAC3BB36ECDED89BFA957C3
                                                                                                                                                                                                                                                                                      SHA1:B0E4F13F592CA91298725D5FA1467A09189E572B
                                                                                                                                                                                                                                                                                      SHA-256:F50ECCCAB299718F06B5DFEF251E49D21622EE3F9F9F21FE3A19E3D0751DB021
                                                                                                                                                                                                                                                                                      SHA-512:A7C8B23A900AFB24B666456A743B5075D674B49CD632337165A5B286718D807102A627F5C98731A23572F0226248A1A4023FF0239BA00B648218DCD054B0050B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/libraries/superfish/supersubs.js?s7978o
                                                                                                                                                                                                                                                                                      Preview:/*. * Supersubs v0.2b - jQuery plugin - LAST UPDATE: MARCH 23rd, 2011. * Copyright (c) 2008 Joel Birch. *. * Jan 16th, 2011 - Modified a little in order to work with NavBar menus as well.. *. * Dual licensed under the MIT and GPL licenses:. * http://www.opensource.org/licenses/mit-license.php. * http://www.gnu.org/licenses/gpl.html. *. * This plugin automatically adjusts submenu widths of suckerfish-style menus to that of. * their longest list item children. If you use this, please expect bugs and report them. * to the jQuery Google Group with the word 'Superfish' in the subject line.. *. */..(function($){ // $ will refer to jQuery within this closure.. $.fn.supersubs = function(options){. var opts = $.extend({}, $.fn.supersubs.defaults, options);..// return original object to support chaining. return this.each(function() {. // cache selections. var $$ = $(this);. // support metadata. var o = $.meta ? $.extend({}, opts, $$.data()) : opts;. // get the

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 287

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1984)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):7219
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.325367555808435
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:4RbGMN3dbZtGY0ACeSLxxS5mwgWcabR6O:4RFN3dbSY0A6LxxPWlJ
                                                                                                                                                                                                                                                                                      MD5:93885FDA9BA0C276CF15BAF4380C0987
                                                                                                                                                                                                                                                                                      SHA1:118728C82B6E60DF91C02157CA98E483D706F376
                                                                                                                                                                                                                                                                                      SHA-256:2DBAC4E8CD6857DA9A016FD547C6FDAFEAEA06107E9B0461D531322C50A16957
                                                                                                                                                                                                                                                                                      SHA-512:DD56C469E49E6C944A303717B1D6DBC8DE878E1D5098C1277C519DCB831F6420DE5C498B9EB1588619B80E0D1F215B9B644111FD6473E8526F903124975D7315
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:;/*FB_PKG_DELIM*/..__d("Banzai",["cr:7383"],(function(a,b,c,d,e,f,g){g["default"]=b("cr:7383")}),98);.__d("EventEmitterWithValidation",["BaseEventEmitter"],(function(a,b,c,d,e,f){"use strict";a=function(a){babelHelpers.inheritsLoose(b,a);function b(b,c){var d;d=a.call(this)||this;d.$EventEmitterWithValidation1=Object.keys(b);d.$EventEmitterWithValidation2=Boolean(c);return d}var c=b.prototype;c.emit=function(b){if(this.$EventEmitterWithValidation1.indexOf(b)===-1){if(this.$EventEmitterWithValidation2)return;throw new TypeError(g(b,this.$EventEmitterWithValidation1))}return a.prototype.emit.apply(this,arguments)};return b}(b("BaseEventEmitter"));function g(a,b){a='Unknown event type "'+a+'". ';a+="Known event types: "+b.join(", ")+".";return a}e.exports=a}),null);.__d("IdleCallbackImplementation",["performanceNow","requestAnimationFramePolyfill"],(function(a,b,c,d,e,f,g){var h,i=[],j=0,k=0,l=-1,m=!1,n=1e3/60,o=2;function p(a){return a}function q(a){return a}function b(b,c){var d=k++;i[d

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 288

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (22304)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):156474
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.477868778393652
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:g4hJDPiagv0DLTlh5Ld+Iim0sKymy8W2Cu20u6gCuvw4Im+gSUmC/:g4TBJTlh5Ld8Y
                                                                                                                                                                                                                                                                                      MD5:26FB32B4C4E7E985EA5BA476F50066DA
                                                                                                                                                                                                                                                                                      SHA1:A5EDCBAF1DC6182D6C3B314E608821943E4233A7
                                                                                                                                                                                                                                                                                      SHA-256:8946E90E2B4BE2DE9C1D1AC094FA3970AB02D2289EA46EFBF0A5CDE28C1B344B
                                                                                                                                                                                                                                                                                      SHA-512:F5A077987E09472DF0DC2D0169C708094C7F3FF73E7780C0794E3ABFBEDCFD09C19F5A24C88DB9638889B465BB5002ACE5E4FB7A8C40DCDEC20B6AF5BA895D2D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:;/*FB_PKG_DELIM*/..__d("ArbiterFrame",[],(function(a,b,c,d,e,f){a={inform:function(a,b,c){var d=parent.frames,e=d.length,f;b.crossFrame=!0;for(var g=0;g<e;g++){f=d[g];try{if(!f||f==window)continue;f.require?f.require("Arbiter").inform(a,b,c):f.ServerJSAsyncLoader&&f.ServerJSAsyncLoader.wakeUp(a,b,c)}catch(a){}}}};e.exports=a}),null);.__d("ArbiterMixin",["Arbiter","guid"],(function(a,b,c,d,e,f,g){var h="arbiter$"+c("guid")(),i=Object.prototype.hasOwnProperty;a={_getArbiterInstance:function(){return i.call(this,h)?this[h]:this[h]=new(c("Arbiter"))()},inform:function(a,b,c){return this._getArbiterInstance().inform(a,b,c)},subscribe:function(a,b,c){return this._getArbiterInstance().subscribe(a,b,c)},subscribeOnce:function(a,b,c){return this._getArbiterInstance().subscribeOnce(a,b,c)},unsubscribe:function(a){this._getArbiterInstance().unsubscribe(a)},unsubscribeCurrentSubscription:function(){this._getArbiterInstance().unsubscribeCurrentSubscription()},releaseCurrentPersistentEvent:function(

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 289

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (820)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):78601
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.385907842723292
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:oqD4uWibfmaWWfiw7u/m9LofuENlx9TV6Z+T3VopklvQDPj10XQjdA4+9j:opzYf/t9s5vQD6X2dA4+9j
                                                                                                                                                                                                                                                                                      MD5:73A9C334C5CA71D70D092B42064F6476
                                                                                                                                                                                                                                                                                      SHA1:B75990598EE8D3895448ED9D08726AF63109F842
                                                                                                                                                                                                                                                                                      SHA-256:517364F2D45162FB5037437B5B6CB953D00D9B2B3B79BA87D9FE57EA6EE6070C
                                                                                                                                                                                                                                                                                      SHA-512:B5C7B19A6D0F05CFA33A7F54C1B8075698D922578429789FD4C0A4CE035F563857283C7062E9AB08EC61679B486971F3D83A44135E217E3167E49FADA5A1520A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/misc/jquery.js?v=1.4.4
                                                                                                                                                                                                                                                                                      Preview:/*!. * jQuery JavaScript Library v1.4.4. * http://jquery.com/. *. * Copyright 2010, John Resig. * Dual licensed under the MIT or GPL Version 2 licenses.. * http://jquery.org/license. *. * Includes Sizzle.js. * http://sizzlejs.com/. * Copyright 2010, The Dojo Foundation. * Released under the MIT, BSD, and GPL Licenses.. *. * Date: Thu Nov 11 19:04:53 2010 -0500. */.(function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof h==="function")h=.h.events;if(!(a.liveFired===this||!h||!h.live||a.button&&a.type==="click")){if(a.namespace)A=RegExp("(^|\\.)"+a.namespace.s

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 290

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:GIF image data, version 89a, 1000 x 150
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3177
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.861822696478367
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:4440qQpzKB5Q6jZHcyTh2XH/PjMy/QKcLhi4g1+c:AkKB5Q6bT83/rMjKybc
                                                                                                                                                                                                                                                                                      MD5:C7707375A6FC42E32A1488B6A247EB1C
                                                                                                                                                                                                                                                                                      SHA1:83E07332FEC68EAE216FC89BEDCE0E48E8171BF8
                                                                                                                                                                                                                                                                                      SHA-256:E5C66A147E466DAFACB77615095AE68CF5DBF73D6B40159A021A728839795ED9
                                                                                                                                                                                                                                                                                      SHA-512:72957613DEB1DA5A0D4F47EF6249A13C3EE27232842EB6ED326AE30C70F5B3FA3B6497D1CC61C4EB910553FC52DC1FD5E424F25D32E13FADEFB3E12BC1916368
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:GIF89a.......................................................................................................!.......,........... !.....P(.@..4.f.x..|....pH,...r.l:..tJ.Z..v..z.BG..@@.....:.F...R.\0...................Cbdfhjl.n.pr%')+-/135...............egikm.o.q#.u.x.{..................t.w.z................s.v.y...............re...W6}..*\..Cp........w..=.... C6.....|.a.'...0c..F.4..R^..l..@....f4........P.J%jtbR..W.....`.U5I..R...]...FcoV$....x....wI\.8.^4.......{2.Y.[.K.L.rL.e...z...C..|....S.^....X.6mM....^...0.........f..+_.<Gq.Y.7.N.......w..c.......\........a....s....+........8...m'...&......sTc.....Vh.(.j7..v.a..JH.$.hb.!...,..".).g.4..b....'....@.Y....i...i .L6Y...:)..A9".Xfy..+j..q9#.d....f..&bh...n...t...3%.e..W...3....$h..&...6.(>.>*..DJ.&ci..v....**.w.c.`..W...O..Z..z9.j...*.Y...#........k......D$.....l..>;m....{m...m...m..v:n..Rzn..6.n....n...9o...yo....o..k.o..K9p...yp...p....p....k...)b..w.....l!.".. .&.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 291

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):2035
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.874028610096254
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:YCZwzrpk/7n4DlbvpYJYoiQwfujYFWnS449cwtF2TtQtFdWC:YNvq/7n4DlDpYC/5f5FWS44noB6DH
                                                                                                                                                                                                                                                                                      MD5:D8FEF401360174C7165E2E7DB7040648
                                                                                                                                                                                                                                                                                      SHA1:7DEF2FE66EB082686AF80C5D264D9B75658AA2E4
                                                                                                                                                                                                                                                                                      SHA-256:8DDD16E82813D3B21156531806BF2621098F1315544B9DD93386B42FEA3B6633
                                                                                                                                                                                                                                                                                      SHA-512:1F9FE427F93F0BB6BAC3BA83D28C7E807C8B8A3C96734D4A710E06A0C97B71324CD80DF4E132B830ECBA7841F2A9431D5208C9D5B940A3731D87B23A53C31CD2
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/modules/system/system.menus.css?s7978o
                                                                                                                                                                                                                                                                                      Preview:./**. * @file. * Styles for menus and navigation markup.. */../**. * Markup generated by theme_menu_tree().. */.ul.menu {. border: none;. list-style: none;. text-align: left; /* LTR */.}.ul.menu li {. margin: 0 0 0 0.5em; /* LTR */.}.ul li.expanded {. list-style-image: url(../../misc/menu-expanded.png);. list-style-type: circle;.}.ul li.collapsed {. list-style-image: url(../../misc/menu-collapsed.png); /* LTR */. list-style-type: disc;.}.ul li.leaf {. list-style-image: url(../../misc/menu-leaf.png);. list-style-type: square;.}.li.expanded,.li.collapsed,.li.leaf {. padding: 0.2em 0.5em 0 0; /* LTR */. margin: 0;.}.li a.active {. color: #000;.}.td.menu-disabled {. background: #ccc;.}../**. * Markup generated by theme_links().. */.ul.inline,.ul.links.inline {. display: inline;. padding-left: 0;.}.ul.inline li {. display: inline;. list-style-type: none;. padding: 0 0.5em;.}../**. * Markup generated by theme_breadcrumb().. */..breadcrumb {. padding-bottom: 0.5em;.}../**.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 292

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):3945
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.898725812028943
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:jvR3uywA7mjz9fyodl9+jUzbq9Vfmg3P326:FeyhmHlsjug3P3t
                                                                                                                                                                                                                                                                                      MD5:CDE66C94EDC261189DE90ECC7E0D87B1
                                                                                                                                                                                                                                                                                      SHA1:8976D8D2CBD52900E822B3F1D5742A05967BB5CD
                                                                                                                                                                                                                                                                                      SHA-256:B254A812AA7E94135F1FCEAD1E8E0BC08708819792929FFA77BDA9C786D79EF0
                                                                                                                                                                                                                                                                                      SHA-512:22620F37E34BEE1B693E530F9B5CD89792437C3178836CF5205C1EA847801F6803FF06AC3430D1EF043C7F8DF5A2E7AEB1B9058AC1C81D0BDB838787098BB426
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/libraries/superfish/superfish.js?s7978o
                                                                                                                                                                                                                                                                                      Preview:/*. * Superfish v1.4.8 - jQuery menu widget. * Copyright (c) 2008 Joel Birch. *. * Dual licensed under the MIT and GPL licenses:. * http://www.opensource.org/licenses/mit-license.php. * http://www.gnu.org/licenses/gpl.html. *. * CHANGELOG: http://users.tpg.com.au/j_birch/plugins/superfish/changelog.txt. */..(function($){. $.fn.superfish = function(op){. var sf = $.fn.superfish,. c = sf.c,. $arrow = $(['<span class="',c.arrowClass,'"> &#187;</span>'].join('')),. over = function(){. var $$ = $(this), menu = getMenu($$);. clearTimeout(menu.sfTimer);. $$.showSuperfishUl().siblings().hideSuperfishUl();. },. out = function(){. var $$ = $(this), menu = getMenu($$), o = sf.op;. clearTimeout(menu.sfTimer);. menu.sfTimer=setTimeout(function(){. o.retainPath=($.inArray($$[0],o.$path)>-1);. $$.hideSuperfishUl();. if (o.$path.length && $$.parents(['li.',o.hoverClass].join('')).length<1){over.call(o

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 293

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):20688
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.96413396221204
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:Vx+3x7k4OOW1h5lVzMndaZdM22uXPsjixe8HuIQL+zfMSqStq5:VxexA4x0h5lVzMd0m22srOTLq5tq5
                                                                                                                                                                                                                                                                                      MD5:AD3EDFB932E42CAFF0D07D8BFA4641A0
                                                                                                                                                                                                                                                                                      SHA1:BA09CBF95DE19930C3EB20800929FA568C351AD6
                                                                                                                                                                                                                                                                                      SHA-256:90DBD2BD76E507A2FE876F40C8B5CEB59FCB8FC51A8053736DBF86849562F987
                                                                                                                                                                                                                                                                                      SHA-512:F6229F7F936496D3B168E28064D653A58FB7E8F92E7CB39FC24706B2EF0D1CE772F88D21D9836BEEEEE4C716C397DD3E7AE160F0C4950018720EAD14B3AEC5C0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://img.youtube.com/vi/m4a7nHpFuzw/0.jpg
                                                                                                                                                                                                                                                                                      Preview:......JFIF..............................(.....1#%.(:3=<9387@H\N@DWE78PmQW_bghg>Mqypdx\egc......./../cB8Bcccccccccccccccccccccccccccccccccccccccccccccccccc......h....".......................................J........................!..1AQ."Raq...2.....#4BSbrs....3T...$5C.Dc...E6..............................'.......................!1.AQ.."aq2R.#............?..T...s.{...\.a...&.J.....N.KE..L...X.........IYr..:BV...g`6...#..P.......&.....WO.OJ.F.....8v..kX*...........=$.r+S...n..b..:0X]...5t......F.r..u..Ok/..#...\..mk.A...6}.Xi......7./N..du.1.1..i.f.`.2.5....{m#jCO.ar.n.Z.N..P..KD.Y...a....=.NO.....b..+Z2..R.S.@.....n.'.l.....a..c..,..8j..=......aUl.9.Y].'...sY.g.#.\.d"...D"...@.Kd.@.'Y.@.'Y.@.'Y.@.E...@.E...@.E...@.H.dY.Y.KdY.Y.Kd. m.'......"...."....Kd.B["...l. D!...P......P.,.%H..8..Z.7]4...S.M.dbB....6.I...._(f,".....\.....U(....6..kn/a.9^.......%./..sF...SO..-Dt...h8.\.s...Z@4._4.!+N.a..'...F.\...^$m...j..g...UqQ.._3...........@.6..\.'.........

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 294

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (19948), with no line terminators
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):19948
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.261902742187293
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65
                                                                                                                                                                                                                                                                                      MD5:EC18AF6D41F6F278B6AED3BDABFFA7BC
                                                                                                                                                                                                                                                                                      SHA1:62C9E2CAB76B888829F3C5335E91C320B22329AE
                                                                                                                                                                                                                                                                                      SHA-256:8A18D13015336BC184819A5A768447462202EF3105EC511BF42ED8304A7ED94F
                                                                                                                                                                                                                                                                                      SHA-512:669B0E9A545057ACBDD3B4C8D1D2811EAF4C776F679DA1083E591FF38AE7684467ABACEF5AF3D4AABD9FB7C335692DBCA0DEF63DDAC2CD28D8E14E95680C3511
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
                                                                                                                                                                                                                                                                                      Preview:!function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n||0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]]].join("")}},944:function(e){"use strict";var t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto)||"undefined"!=typeof msCrypto&&"function"==typeof window.msCrypto.getRandomValues&&msCrypto.getRandomValues.bind(msCrypto);if(t){var n=new Uint8Array(16);e.exports=function(){return t(n),n}}else{var r=new Array(16);e.exports=function(){for(var e,t=0;t<16;t++)0==(3&t)&&(e=4294967296*Math.random()),r[t]=e>>>((3&t)<<3)&255;return r}}},508:function(e,t,n){"use strict";var r=n(944),i=n(343);e.exports=function(e,t,n){var o=t&&n||0;"string"==typeof e&&(t="binary"===e?new Array(16):null,e=null);var a=(e=e||{}).random||(e.rng||r)();if(

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 295

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):4934
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.821146136716558
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:LTWJg/TbEwvwLoVtKtgt3MKH6qb/LDZA8exg5w5lJdku:n2EZt+Pl4u
                                                                                                                                                                                                                                                                                      MD5:D3685425E91DC06C53C8A07F4F9D0552
                                                                                                                                                                                                                                                                                      SHA1:BE4DE9BD6F166296CC6C9455A0010342DF26C7B8
                                                                                                                                                                                                                                                                                      SHA-256:FAE5406BC182C87B641084F2F14F46A007B6318C452E3131C5722B06FD6773C3
                                                                                                                                                                                                                                                                                      SHA-512:799EA689A64C9F76349009EA0D83578A02D75E616386C5FCE3E2BB66B2065D59ABD76985A627D52C5F1D70C86D03979AE4186B878F8DF3073F9261F89AC78B82
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/libraries/superfish/css/superfish.css?s7978o
                                                                                                                                                                                                                                                                                      Preview:.sf-menu,..sf-menu * {. list-style: none;. margin: 0 !important;. padding: 0;.}..sf-menu {. line-height: 1.0;. z-index: 497;.}..sf-menu ul {. position: absolute;. top: -99999em;. width: 12em;.}..sf-menu ul li {. width: 100%;.}..sf-menu li:hover {. visibility: inherit;.}..sf-menu li {. float: left;. position: relative;. z-index: 498;.}..sf-menu a {. display: block;. position: relative;.}..sf-menu li:hover,..sf-menu li.sfHover,..sf-menu li:hover ul,..sf-menu li.sfHover ul {. z-index: 499;.}..sf-menu li:hover ul,..sf-menu li.sfHover ul {. left: 0;. top: 2.5em;.}..sf-menu li:hover li ul,..sf-menu li.sfHover li ul,..sf-menu li li:hover li ul,..sf-menu li li.sfHover li ul {. top: -99999em;.}..sf-menu li li:hover ul,..sf-menu li li.sfHover ul,..sf-menu li li li:hover ul,..sf-menu li li li.sfHover ul {. left: 12em;. top: 0;.}..sf-menu a.sf-with-ul {. min-width: 1px;.}..sf-sub-indicator {. background: url('../images/arrows-ffffff.png') no-repeat -10px -100px;. display: b

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 296

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1305)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):46274
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.48786904450865
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:aqNVrKn0VGhn+K7U1r2p/Y60fyy3/g3OMZht1z1prkfw1+9NZ5VA:RHrLVGhnpIwp/Y7cnz1RkLL5m
                                                                                                                                                                                                                                                                                      MD5:E9372F0EBBCF71F851E3D321EF2A8E5A
                                                                                                                                                                                                                                                                                      SHA1:2C7D19D1AF7D97085C977D1B69DCB8B84483D87C
                                                                                                                                                                                                                                                                                      SHA-256:1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F
                                                                                                                                                                                                                                                                                      SHA-512:C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://ssl.google-analytics.com/ga.js
                                                                                                                                                                                                                                                                                      Preview:(function(){var E;var g=window,n=document,p=function(a){var b=g._gaUserPrefs;if(b&&b.ioo&&b.ioo()||a&&!0===g["ga-disable-"+a])return!0;try{var c=g.external;if(c&&c._gaUserPrefs&&"oo"==c._gaUserPrefs)return!0}catch(f){}a=[];b=n.cookie.split(";");c=/^\s*AMP_TOKEN=\s*(.*?)\s*$/;for(var d=0;d<b.length;d++){var e=b[d].match(c);e&&a.push(e[1])}for(b=0;b<a.length;b++)if("$OPT_OUT"==decodeURIComponent(a[b]))return!0;return!1};var q=function(a){return encodeURIComponent?encodeURIComponent(a).replace(/\(/g,"%28").replace(/\)/g,"%29"):a},r=/^(www\.)?google(\.com?)?(\.[a-z]{2})?$/,u=/(^|\.)doubleclick\.net$/i;function Aa(a,b){switch(b){case 0:return""+a;case 1:return 1*a;case 2:return!!a;case 3:return 1E3*a}return a}function Ba(a){return"function"==typeof a}function Ca(a){return void 0!=a&&-1<(a.constructor+"").indexOf("String")}function F(a,b){return void 0==a||"-"==a&&!b||""==a}function Da(a){if(!a||""==a)return"";for(;a&&-1<" \n\r\t".indexOf(a.charAt(0));)a=a.substring(1);for(;a&&-1<" \n\r\t".i

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 297

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (22304)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):156474
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.477868778393652
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:g4hJDPiagv0DLTlh5Ld+Iim0sKymy8W2Cu20u6gCuvw4Im+gSUmC/:g4TBJTlh5Ld8Y
                                                                                                                                                                                                                                                                                      MD5:26FB32B4C4E7E985EA5BA476F50066DA
                                                                                                                                                                                                                                                                                      SHA1:A5EDCBAF1DC6182D6C3B314E608821943E4233A7
                                                                                                                                                                                                                                                                                      SHA-256:8946E90E2B4BE2DE9C1D1AC094FA3970AB02D2289EA46EFBF0A5CDE28C1B344B
                                                                                                                                                                                                                                                                                      SHA-512:F5A077987E09472DF0DC2D0169C708094C7F3FF73E7780C0794E3ABFBEDCFD09C19F5A24C88DB9638889B465BB5002ACE5E4FB7A8C40DCDEC20B6AF5BA895D2D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yL/l/en_US/xKY8pb0-fD_.js
                                                                                                                                                                                                                                                                                      Preview:;/*FB_PKG_DELIM*/..__d("ArbiterFrame",[],(function(a,b,c,d,e,f){a={inform:function(a,b,c){var d=parent.frames,e=d.length,f;b.crossFrame=!0;for(var g=0;g<e;g++){f=d[g];try{if(!f||f==window)continue;f.require?f.require("Arbiter").inform(a,b,c):f.ServerJSAsyncLoader&&f.ServerJSAsyncLoader.wakeUp(a,b,c)}catch(a){}}}};e.exports=a}),null);.__d("ArbiterMixin",["Arbiter","guid"],(function(a,b,c,d,e,f,g){var h="arbiter$"+c("guid")(),i=Object.prototype.hasOwnProperty;a={_getArbiterInstance:function(){return i.call(this,h)?this[h]:this[h]=new(c("Arbiter"))()},inform:function(a,b,c){return this._getArbiterInstance().inform(a,b,c)},subscribe:function(a,b,c){return this._getArbiterInstance().subscribe(a,b,c)},subscribeOnce:function(a,b,c){return this._getArbiterInstance().subscribeOnce(a,b,c)},unsubscribe:function(a){this._getArbiterInstance().unsubscribe(a)},unsubscribeCurrentSubscription:function(){this._getArbiterInstance().unsubscribeCurrentSubscription()},releaseCurrentPersistentEvent:function(

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 298

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):18129
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.969466171963945
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:4bMfGzNF/FfzW/Vo+0kIDBWhLZsgvFPkrWJxAX74oeABfrQPKzUpAPrIRR3Rp5hL:ff691+qEm4PkrWJxYB8PGl0buTxaz
                                                                                                                                                                                                                                                                                      MD5:666E25B4F6A1B642BC97E849109CA01E
                                                                                                                                                                                                                                                                                      SHA1:1CF6EB3CD6EA4C59FC9FFC17C71AFBE9A5130D17
                                                                                                                                                                                                                                                                                      SHA-256:6187ADAF8F508F5A61C0C3734198D9C4C549A9C7CDE1B4380333E821058B9EFB
                                                                                                                                                                                                                                                                                      SHA-512:8A4AB6729E9601FEB2B77EE7A7EEA06E9D563345E582086FAE287FF075E71DA3E9BE72F4511828CC34D881106ACF276A67F481366806BE62B9904856B200F7B8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://img.youtube.com/vi/gMkjyUNksR4/0.jpg
                                                                                                                                                                                                                                                                                      Preview:......JFIF..............................(.....1#%.(:3=<9387@H\N@DWE78PmQW_bghg>Mqypdx\egc......./../cB8Bcccccccccccccccccccccccccccccccccccccccccccccccccc......h....".......................................M.........................!.1..AQSTa....."Rq.2b...#Bcs...$34CUr.5..%.D....................................&.......................!1.Q.A"2aq...............?.."{.~f:.MO..o..Z.... o.......s....g..KG.2..G...-hi$..t.{Z ..e..!+s.......y.g.f...VA#...-..w.*).<Ou..8|.L+.T....\\M.,.n~..|zb.."....0.b...|.0X]p9.!........@...^[.Vf..k'.C...k.^..{mn.{..g...4...v.....G]S...73O1....[W.~.SJ.ZAQ...+.x.f..3.."...T.i<.A.a.%.T..3U1n.......TG..#).V...X`..X..).:fm.....7.r.......Au].I%@.6.ZEy.#.t=....6[.s]...A....<..$..l.)...%...['..D3*,.d.*.dYI.%...,.dY.,.'..TGdY>..Y.O.K jK'...2.r.6.,.d..dY?..@.!9..Y.NB..:....N.,.... e....E6.u. K".RY@.... ....8.m..-.~.....;..@.Hn..l...c..5.......p..li.vg.....9..K..8.9.M...\..%..;..D...g...h9.^..U..V.~...h$n.6....a.P5..h....[p.[.i..L.7...X.-....

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 299

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (20634)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):356051
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.402439887651169
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:Wco7Fh5yDvd2yjEKLPGMZMg9bV4LG77jzfw+1f8/:Wrv8Dvd0KLPGMZZ9bVF7w+1f8/
                                                                                                                                                                                                                                                                                      MD5:05CC55C147DF1E4C8330D3EC129B810C
                                                                                                                                                                                                                                                                                      SHA1:11817889226C1D7884AD7A8E3FDEAEF901EAFF02
                                                                                                                                                                                                                                                                                      SHA-256:4157ED2EFB6E1795A1E2014CBE26C2FC97E9749491168AF2282E066F6BBAEB49
                                                                                                                                                                                                                                                                                      SHA-512:A8B1248AD466459576246CE0EB91A8778B715A831E48BDF82E4D9FA537695BE8E7705B9CD033B30A7D6CD3391234C4C04A82ECCF0750D3BB6DE021F4BA2428DB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/u5OMVLVnVwH.js
                                                                                                                                                                                                                                                                                      Preview:;/*FB_PKG_DELIM*/.."use strict";(function(){var a=typeof globalThis!=="undefined"&&globalThis||typeof self!=="undefined"&&self||typeof global!=="undefined"&&global;if(typeof a.AbortController!=="undefined")return;var b=function(){function a(){this.__listeners=new Map()}a.prototype=Object.create(Object.prototype);a.prototype.addEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();d.has(e)||d.set(e,new Map());var f=d.get(e);f.has(b)||f.set(b,c)};a.prototype.removeEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();if(d.has(e)){var f=d.get(e);f.has(b)&&f["delete"](b)}};a.prototype.dispatchEvent=function(a){if

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 300

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:GIF image data, version 89a, 290 x 39
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):707
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.198149119643148
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:CS7JGTQBjuCnuSVcnYnjDNL7FESeF/er5lXKnlKPaVRJmSlE:CN0B/Vca9BEVZslXKIiV3A
                                                                                                                                                                                                                                                                                      MD5:DEE45A9F2A80F309618AFF68282D9BC3
                                                                                                                                                                                                                                                                                      SHA1:0B341A3ADA849A0E17A93A11188EF07F8B434209
                                                                                                                                                                                                                                                                                      SHA-256:09197148DC44118BBC7D7AD914EF22930C8B6F27EB201E1A2E386A0C4F65D64E
                                                                                                                                                                                                                                                                                      SHA-512:09FE7F0D7A2AF3A85534F19D5BFEF6D078A09F8772A1F75E679B922685BE98AAD6B7D9BAF88580B42EC5C77927D92D0663F4791DF759401E957F5D7B0AD85018
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/themes/freshmade/img/help.gif
                                                                                                                                                                                                                                                                                      Preview:GIF89a".'....222444:::OOO777;;;MMMHHH555!!!888???+++III666>>>DDDKKKBBBAAA<<< 000EEECCCGGGNNN===@@@$$$,,,999JJJ---)))FFF"""111(((%%%'''&&&LLLPPP333.........................................................!.......,....".'....@.pH,......j:..tJ.Z..v..z.... !..h.k.n..k..@.tZ..~................-..r..p................|......p..........z%......+"......-!....o........ ..k.................."..............$....z8......*TWa......XH..... NB.... .1h.....(S.J.....%T......m....'!...p.Q....|F.e.A..GY...a".<m..`..W.IpR..,J..%80..T..L...P.F. .....d....8.Y....B..7...`pL.[.../....Z......Lz......(.:......@......qXm.7,...9..qQ.o.k@.sP.. Pv....>d..*...../..b......_.H..|n....!..........,.L .yA..;

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 301

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:troff or preprocessor input, ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):961
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.001310657616255
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:vK8FWltcrUl+n/r5scueZUrr5rRMzRxNlr53Hk0L5l5LE7iOwJv3HO0A:/Z5sSy5rRMZZ5XTlvwoa
                                                                                                                                                                                                                                                                                      MD5:ECBAED7E190BD0F2270D971CAAF3C5E7
                                                                                                                                                                                                                                                                                      SHA1:C274132B4FB77B417759BF6C1CDC41C2F6C0779A
                                                                                                                                                                                                                                                                                      SHA-256:D0BBAD771A8A5AC5F9446791109693AECA1D676D44CED48F8514857F7D3E6FD0
                                                                                                                                                                                                                                                                                      SHA-512:7AE1DDBB196B992D41D24CEC4819EEC374D5FA970179802328F4F744D88985BFD2FCB2CD4E48178C0420C60779C10C54740EB3FC778B5B53B18E0CA4DE031C4C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/modules/system/system.messages.css?s7978o
                                                                                                                                                                                                                                                                                      Preview:./**. * @file. * Styles for system messages.. */..div.messages {. background-position: 8px 8px; /* LTR */. background-repeat: no-repeat;. border: 1px solid;. margin: 6px 0;. padding: 10px 10px 10px 50px; /* LTR */.}..div.status {. background-image: url(../../misc/message-24-ok.png);. border-color: #be7;.}.div.status,..ok {. color: #234600;.}.div.status,.table tr.ok {. background-color: #f8fff0;.}..div.warning {. background-image: url(../../misc/message-24-warning.png);. border-color: #ed5;.}.div.warning,..warning {. color: #840;.}.div.warning,.table tr.warning {. background-color: #fffce5;.}..div.error {. background-image: url(../../misc/message-24-error.png);. border-color: #ed541d;.}.div.error,..error {. color: #8c2e0b;.}.div.error,.table tr.error {. background-color: #fef5f1;.}.div.error p.error {. color: #333;.}..div.messages ul {. margin: 0 0 0 1em; /* LTR */. padding: 0;.}.div.messages ul li {. list-style-image: none;.}.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 302

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1984)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):7219
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.325367555808435
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:4RbGMN3dbZtGY0ACeSLxxS5mwgWcabR6O:4RFN3dbSY0A6LxxPWlJ
                                                                                                                                                                                                                                                                                      MD5:93885FDA9BA0C276CF15BAF4380C0987
                                                                                                                                                                                                                                                                                      SHA1:118728C82B6E60DF91C02157CA98E483D706F376
                                                                                                                                                                                                                                                                                      SHA-256:2DBAC4E8CD6857DA9A016FD547C6FDAFEAEA06107E9B0461D531322C50A16957
                                                                                                                                                                                                                                                                                      SHA-512:DD56C469E49E6C944A303717B1D6DBC8DE878E1D5098C1277C519DCB831F6420DE5C498B9EB1588619B80E0D1F215B9B644111FD6473E8526F903124975D7315
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://static.xx.fbcdn.net/rsrc.php/v3/y3/r/Vvet8_5H-wT.js
                                                                                                                                                                                                                                                                                      Preview:;/*FB_PKG_DELIM*/..__d("Banzai",["cr:7383"],(function(a,b,c,d,e,f,g){g["default"]=b("cr:7383")}),98);.__d("EventEmitterWithValidation",["BaseEventEmitter"],(function(a,b,c,d,e,f){"use strict";a=function(a){babelHelpers.inheritsLoose(b,a);function b(b,c){var d;d=a.call(this)||this;d.$EventEmitterWithValidation1=Object.keys(b);d.$EventEmitterWithValidation2=Boolean(c);return d}var c=b.prototype;c.emit=function(b){if(this.$EventEmitterWithValidation1.indexOf(b)===-1){if(this.$EventEmitterWithValidation2)return;throw new TypeError(g(b,this.$EventEmitterWithValidation1))}return a.prototype.emit.apply(this,arguments)};return b}(b("BaseEventEmitter"));function g(a,b){a='Unknown event type "'+a+'". ';a+="Known event types: "+b.join(", ")+".";return a}e.exports=a}),null);.__d("IdleCallbackImplementation",["performanceNow","requestAnimationFramePolyfill"],(function(a,b,c,d,e,f,g){var h,i=[],j=0,k=0,l=-1,m=!1,n=1e3/60,o=2;function p(a){return a}function q(a){return a}function b(b,c){var d=k++;i[d

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 303

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):24700
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.968528865651736
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:GHfwcaJBgSMmGgHQJggggIbMTD61ZbaneHs2A3LnHBApq2vx:5caJ9MmGg9cywneHhNvx
                                                                                                                                                                                                                                                                                      MD5:3A7C8CB6C41065D85F69EE094369914F
                                                                                                                                                                                                                                                                                      SHA1:D135A90F955A639B78C2715EAEED0E942DC97628
                                                                                                                                                                                                                                                                                      SHA-256:634C02A4972A052FF5A0A7FF0A2DDF218A74EC7A6357D5AD0596540A23151EAF
                                                                                                                                                                                                                                                                                      SHA-512:708099A2BF7488FD1941B2047EBA7FB568D8A867C9B26FC40BFBE55958837FC73109F4AF5E955D7ACBB15419F1FFA89C139C2D30FFBB9F8071CE47F80B925624
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://img.youtube.com/vi/vx4aQB92rWE/0.jpg
                                                                                                                                                                                                                                                                                      Preview:......JFIF......................................................................................................................................................h....".........................................]..........................."#..23CRT...$4BSbcst.....Dr.!5Qd.........Uu...%1AE..ae..6q.....&................................/........................."...2B.!#13AR4CQSs..............?..*...#..%..V...4...F...8X..../T....K....<...o0B..9.....mh....!.U[....F....L)B....9sJ.J..Ta......3.]...d............9.Q.I..$...}_..I.~...7...pl.ft..L1....c.1..bWm.....`......O.g6..._%C...*..`.......'2ff..S..f ...^....P.FvF.a../F..........I..H.\ {.^"J.c9.\..d3..d%....K.. B.....b,@.X... e...b.P... e...b.R..K..(K.-.(O$ B..$X..K.. B..E.....K@....b.P...".P..."fP... e.v"..B].....bB.!-.... B...B.I.l.....w....q..qt...d... .:...:Q.+..a.G...."G.uq.2...E.L.q/!...|..I.#./...6K..s.<G..pb..........]..h.~6....{.T......F..v2H..t..a.b..s.@...3$....#..g..p.sx...Z....yo...h...H\

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 304

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):144
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.6203088339014995
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:HKBiLVKkmFmGOCXLFSKPkRtZbBL9GOCXLFSKPJK89MFFHEGOCXLyJKn:qBoVIF/hRk79BOhRZqlD
                                                                                                                                                                                                                                                                                      MD5:21D9D9DF449CAF1C50A6B24A7D37C8A6
                                                                                                                                                                                                                                                                                      SHA1:8D406985562B474368905936421000D3B439F78C
                                                                                                                                                                                                                                                                                      SHA-256:4569FBFEF2A73B2369D1E070A2CE3511F5A8C6A22A7CD6D61BAF4982E75A21EE
                                                                                                                                                                                                                                                                                      SHA-512:0370F31D214E9883A8A5714185CEEF61CA00046D73B4F1B3A42DC4E67B643DA5B5D1C41A4ECD76277A49D42D57B573C784C705A53EB79B6F882A202A445BBF5E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/modules/node/node.css?s7978o
                                                                                                                                                                                                                                                                                      Preview:..node-unpublished {. background-color: #fff4f4;.}..preview .node {. background-color: #ffffea;.}.td.revision-current {. background: #ffc;.}.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 305

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1140)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1464
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.149208880585223
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:N0hJx3i749F8cBPfk2itw2N/G7y73Be7xYXAL8y73jncStFjy73X+8xYXAodYXQr:N0nx3YsF87ntw2Q7cBYxYQL8cjncsFjJ
                                                                                                                                                                                                                                                                                      MD5:B4CFA1D07F60EEBD4746A3941196BD67
                                                                                                                                                                                                                                                                                      SHA1:942EF6A5CC88258AAEB743A16847F1D09FED0E0E
                                                                                                                                                                                                                                                                                      SHA-256:D24A2E5DB8C476184F3F4B28FE5BE7CFD159C276D1F58AF244D72DE55D5DEE16
                                                                                                                                                                                                                                                                                      SHA-512:92B37DDB9062505222BF0EA74F94A1E0BCF017FAB20B2F6C6C508B668390965508EE06A591495F9D6A1510B2C17005D2E87A8413B9633052C8640DBA95FEE91A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:/**.* hoverIntent r6 // 2011.02.26 // jQuery 1.5.1+.* <http://cherne.net/brian/resources/jquery.hoverIntent.html>.* .* @param f onMouseOver function || An object with configuration options.* @param g onMouseOut function || Nothing (use configuration options object).* @author Brian Cherne brian(at)cherne(dot)net.*/.(function($){$.fn.hoverIntent=function(f,g){var cfg={sensitivity:7,interval:100,timeout:0};cfg=$.extend(cfg,g?{over:f,out:g}:f);var cX,cY,pX,pY;var track=function(ev){cX=ev.pageX;cY=ev.pageY};var compare=function(ev,ob){ob.hoverIntent_t=clearTimeout(ob.hoverIntent_t);if((Math.abs(pX-cX)+Math.abs(pY-cY))<cfg.sensitivity){$(ob).unbind("mousemove",track);ob.hoverIntent_s=1;return cfg.over.apply(ob,[ev])}else{pX=cX;pY=cY;ob.hoverIntent_t=setTimeout(function(){compare(ev,ob)},cfg.interval)}};var delay=function(ev,ob){ob.hoverIntent_t=clearTimeout(ob.hoverIntent_t);ob.hoverIntent_s=0;return cfg.out.apply(ob,[ev])};var handleHover=function(e){var ev=jQuery.extend({},e);var o

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 306

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1305)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):46274
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.48786904450865
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:aqNVrKn0VGhn+K7U1r2p/Y60fyy3/g3OMZht1z1prkfw1+9NZ5VA:RHrLVGhnpIwp/Y7cnz1RkLL5m
                                                                                                                                                                                                                                                                                      MD5:E9372F0EBBCF71F851E3D321EF2A8E5A
                                                                                                                                                                                                                                                                                      SHA1:2C7D19D1AF7D97085C977D1B69DCB8B84483D87C
                                                                                                                                                                                                                                                                                      SHA-256:1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F
                                                                                                                                                                                                                                                                                      SHA-512:C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:(function(){var E;var g=window,n=document,p=function(a){var b=g._gaUserPrefs;if(b&&b.ioo&&b.ioo()||a&&!0===g["ga-disable-"+a])return!0;try{var c=g.external;if(c&&c._gaUserPrefs&&"oo"==c._gaUserPrefs)return!0}catch(f){}a=[];b=n.cookie.split(";");c=/^\s*AMP_TOKEN=\s*(.*?)\s*$/;for(var d=0;d<b.length;d++){var e=b[d].match(c);e&&a.push(e[1])}for(b=0;b<a.length;b++)if("$OPT_OUT"==decodeURIComponent(a[b]))return!0;return!1};var q=function(a){return encodeURIComponent?encodeURIComponent(a).replace(/\(/g,"%28").replace(/\)/g,"%29"):a},r=/^(www\.)?google(\.com?)?(\.[a-z]{2})?$/,u=/(^|\.)doubleclick\.net$/i;function Aa(a,b){switch(b){case 0:return""+a;case 1:return 1*a;case 2:return!!a;case 3:return 1E3*a}return a}function Ba(a){return"function"==typeof a}function Ca(a){return void 0!=a&&-1<(a.constructor+"").indexOf("String")}function F(a,b){return void 0==a||"-"==a&&!b||""==a}function Da(a){if(!a||""==a)return"";for(;a&&-1<" \n\r\t".indexOf(a.charAt(0));)a=a.substring(1);for(;a&&-1<" \n\r\t".i

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 307

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:GIF image data, version 89a, 290 x 39
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):707
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.198149119643148
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:CS7JGTQBjuCnuSVcnYnjDNL7FESeF/er5lXKnlKPaVRJmSlE:CN0B/Vca9BEVZslXKIiV3A
                                                                                                                                                                                                                                                                                      MD5:DEE45A9F2A80F309618AFF68282D9BC3
                                                                                                                                                                                                                                                                                      SHA1:0B341A3ADA849A0E17A93A11188EF07F8B434209
                                                                                                                                                                                                                                                                                      SHA-256:09197148DC44118BBC7D7AD914EF22930C8B6F27EB201E1A2E386A0C4F65D64E
                                                                                                                                                                                                                                                                                      SHA-512:09FE7F0D7A2AF3A85534F19D5BFEF6D078A09F8772A1F75E679B922685BE98AAD6B7D9BAF88580B42EC5C77927D92D0663F4791DF759401E957F5D7B0AD85018
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:GIF89a".'....222444:::OOO777;;;MMMHHH555!!!888???+++III666>>>DDDKKKBBBAAA<<< 000EEECCCGGGNNN===@@@$$$,,,999JJJ---)))FFF"""111(((%%%'''&&&LLLPPP333.........................................................!.......,....".'....@.pH,......j:..tJ.Z..v..z.... !..h.k.n..k..@.tZ..~................-..r..p................|......p..........z%......+"......-!....o........ ..k.................."..............$....z8......*TWa......XH..... NB.... .1h.....(S.J.....%T......m....'!...p.Q....|F.e.A..GY...a".<m..`..W.IpR..,J..%80..T..L...P.F. .....d....8.Y....B..7...`pL.[.../....Z......Lz......(.:......@......qXm.7,...9..qQ.o.k@.sP.. Pv....>d..*...../..b......_.H..|n....!..........,.L .yA..;

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 308

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:GIF image data, version 89a, 1000 x 150
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1401
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.742574755380128
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:g76e4OWpgfM/2lYJbJW5RZEsR/HaA/rilPfZkr/XjdZ6dmQDCEgDmv1+8:A6/Smbo5RZ9R/fHrpZ2pmEgG+8
                                                                                                                                                                                                                                                                                      MD5:B57D11F10694DCA7D9BC95C57643035C
                                                                                                                                                                                                                                                                                      SHA1:57F89EA59F701058EA0581D6BEEDA425F61BB104
                                                                                                                                                                                                                                                                                      SHA-256:C674A7D5A982B656A41668A286E8DC16C467643A1A500634D445363C661ACF1E
                                                                                                                                                                                                                                                                                      SHA-512:E1F4796F770D260DB805926B787736F4DA3AB90B63FEC6EE17A7ABBD9879FB18524E9FEE59321FD05A599C8F4FB9995CF2B03639B2692C152CD12F949093AF41
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:GIF89a.......................................................................................................!.......,..............A....(...E.5.d.x..|....pH,...r.l:..tJ.Z..v..z..C..)......H....AD2.T,.LF..................Cbdfhjlnp.rt%')+-/135...............egikmoq.s#.w.z.}...................v.y.|..................x.{...............U.S.`..)\........n.5....... C.|2q..j.}.e.'...0c.I.\......m..@...J.h....Y{..gK.P.J.J.(.(/.d....`..w..N..5.....p....0.E.[.n........t.J.k.+^....JS......3k.....7..M.t..Y..Vk...c...$a.M......P...+...+.".0Z.O.K.N.:............................x........n...(.C...[b.&........b.1(....v.U....r.x.u(.$..!{....,Jqb}..(.4......4.x`.<.)..>B8.HrX.vI6.d.Kf..T..e.Uf..uW...`..e.a.i.ic.x.l:.&.m.)'_o.i.q..|~.g...J...j(L.....%....h..V. m....x(.i..3i.............p.2..:.j............*..J.Y..h$..6.D..F+...Nkm...^...n..~+..kn........+....ko......../...+p...lp......./...?,...Olq.._.1..o....,..!.l.%.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 309

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):184
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.903837769793088
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:OuwevFMQ3wN2LmyvFPftQuwLAT9j0kmFmGOCXLFSKPkRtKT9mIHkGOCXLFSKPJa:OuaQ3IsNFtQyT9jOF/hRk7KT9XhR8
                                                                                                                                                                                                                                                                                      MD5:963A483E773DE7DFD310013EF2E2817F
                                                                                                                                                                                                                                                                                      SHA1:7F9116863EB5CA638B18A29E532709B6E3B3B831
                                                                                                                                                                                                                                                                                      SHA-256:DD1C7822082E5D2CDA6242DF595462DFFC97BFB4EC52B3DD9AF2A9ABB27BCA82
                                                                                                                                                                                                                                                                                      SHA-512:4A8C55360C1C157142DBF6949FA918C0DBA0A998378EF49791D1515160B05DE9BC8B119B03BC4B05CBE40F0A5B0AACFFBF007EC5BCB4575492C7D0CB0BEC672E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/modules/comment/comment.css?s7978o
                                                                                                                                                                                                                                                                                      Preview:.#comments {. margin-top: 15px;.}..indented {. margin-left: 25px; /* LTR */.}..comment-unpublished {. background-color: #fff4f4;.}..comment-preview {. background-color: #ffffea;.}.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 310

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:GIF image data, version 89a, 150 x 46
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):5195
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.715601612065373
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:hp0tBfCOclKkGirI52KKgeZ6ejIpRqZIptKy5t0s8BoflZMCyqDdB9kTYhf/qlwA:307CEirI55Amq0tKu0Mfzpy8dzSlw+IG
                                                                                                                                                                                                                                                                                      MD5:E9D15D0766121785DF8D5EDD850D7ECC
                                                                                                                                                                                                                                                                                      SHA1:798A48927037F5EEC1FEA05D1AD2519FEFE559AA
                                                                                                                                                                                                                                                                                      SHA-256:8F387CAA4B0E01F22A467BCC511CB045BCEA2E1DDFDEDE02EBA535D76AADBC1C
                                                                                                                                                                                                                                                                                      SHA-512:9D4113EFD214618B20E21620DB425DE8787591439B2F64AFF46313B48A63772E0CF90547C18F5C86EF2E7774F81E36A981FD6702148A04AD5E868F17C0CD7479
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:GIF89a........m+.p..y6.x5.e$.l*.g&.s1.w4.q/.h&.j(.f%.o-.v3.n,.u3.t2.r0.i'.k).g%.i(.e#.x6.v4.t1.s0.h'.u2.w5.f$.d".y7.z8.t1.j).c!.b .x6.{8.i'.c".f%.u3.i(.{9.w5.b .b!.v3.|8.a .w4.k).k*.d".v4.e$.y7.r/.j).q..z8.t2.h'.q..|8.a!.e#.x5.p-.m,.g&.k*.y6.n+.f$.g%.b".{9.c!.r/.n,.l+.{7.|9.a!.l*.o-.j(.{8.s1.o,.z7.r0.q/.b!.o-.n-.u2.q0.n-.l+.s0.d#.c#.o,.q/.o..b".e$.{7.p-.h&.z6.t2.n,.m+.c#.k(.l*.r1.z6.n+.k).r0.t3.l).l).x5.z7.y5.i&.x4.c".w4.d$.e%.i'.g%.t0.m,.g$.q0.y5.m*.g'.p/.f&.w3.y6.i).i&.t3.p/.v4.v5.d$.k(.d#.v3.f%.p..w3.g$.m*.v2.i(.m+.f&.x4.o..d".p..l,.r1.e%.v2.d!.y7.t0.q..a .d#.c".s*.L..M.b!.z7.{8.|9.a ..........................................................................................................................................................................................!.......,............y..H......*\.......H....3j.... C.ta....(.A1.R.......6d...(..1...3n.$i.e.!P\......%......1..s.e..!EQ..9.J..Q.|.e....rf.Y.fJ..^Z.ee..N..`.....j..Hz2..!Lgt..Ul...Pd..S....Uz..4..:.'..3n._A

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 311

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):52
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.825251737288652
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:eH4cndk1sQigmH10ra5gEk+:eHtYsQijq9N+
                                                                                                                                                                                                                                                                                      MD5:61657616DD01DCAD6BA277949613403B
                                                                                                                                                                                                                                                                                      SHA1:06D00C51A4C64B416B2FD15ED58F9E3E914C1134
                                                                                                                                                                                                                                                                                      SHA-256:54FABE9AC27A8BA0E84025FE6E9A2FFA5A6628633B105098FCB27715AC182ACF
                                                                                                                                                                                                                                                                                      SHA-512:05898E09950D0307ED4F99543A3ECF9B27F615AB7F016AEF4E02A877D5ED70C2A11116CE073EF44E6F6CFB7AD0FE9AC809F61B8A282710BA93903F96074DC49C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgknilW7cngRJBIFDZRU-s8SBQ2DqFs9EgUNjhieEQ==?alt=proto
                                                                                                                                                                                                                                                                                      Preview:CiMKCw2UVPrPGgQIBxgBCgsNg6hbPRoECAkYAQoHDY4YnhEaAA==

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 312

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:HTML document, Non-ISO extended-ASCII text, with very long lines (7298)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):22985
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.321583132667954
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:N++CsEj8+PbEZHVdetKseCTOgEufydzXnL2dp6I5YFJYciNKuX:xCsEj8+PbEZHVAleCTOgEPt3L2d90HuX
                                                                                                                                                                                                                                                                                      MD5:1D37B18F1D4106E98F75186F3369EC78
                                                                                                                                                                                                                                                                                      SHA1:F3F5E90734DAB69F78441279657320A748FB329D
                                                                                                                                                                                                                                                                                      SHA-256:10B39108CCA010C375E04EBAF9A971A0B6829930A827995234C24FF00ADA160F
                                                                                                                                                                                                                                                                                      SHA-512:A0E158682E2DD324CFF009AA0F0571CD489696418B1E2FFC0FC12719467EFBBE3AE24B927569A762082CD7B95F628769F55C4994AEA4863A9EE68BEFE0D20646
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN". "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr". xmlns:content="http://purl.org/rss/1.0/modules/content/". xmlns:dc="http://purl.org/dc/terms/". xmlns:foaf="http://xmlns.com/foaf/0.1/". xmlns:og="http://ogp.me/ns#". xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#". xmlns:sioc="http://rdfs.org/sioc/ns#". xmlns:sioct="http://rdfs.org/sioc/types#". xmlns:skos="http://www.w3.org/2004/02/skos/core#". xmlns:xsd="http://www.w3.org/2001/XMLSchema#">..<head profile="http://www.w3.org/1999/xhtml/vocab">. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<meta name="Generator" content="Drupal 7 (http://drupal.org)" />.<link rel="canonical" href="/products/imbatch/thankyou" />.<link rel="shortlink" href="/node/51" />.<meta name="description" content="Thank you page for ImBatch program. Links to the tutorials" />.<link

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 313

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:GIF image data, version 89a, 1200 x 130
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):13692
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.9655707241410365
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:QrvznMFISSfPAQNB+xUyV3PcUfAo4svvUyWOaWYcX:dIRAQNM6yljfAkiGX
                                                                                                                                                                                                                                                                                      MD5:643F8178900831AE494AC945C34C5B9F
                                                                                                                                                                                                                                                                                      SHA1:2C299A11B2FB8AB270217C846CB54CF215DBF938
                                                                                                                                                                                                                                                                                      SHA-256:DF8AA68AB3CD14D2256228E890575E75949E99D8CDBAA69C8DAF4CE1BB56F09C
                                                                                                                                                                                                                                                                                      SHA-512:120F6F65BCD12F721720E5EA185E6D82A40AA255921BDE9B18C14E64E78F04B137C9A6EB504BC0C268C9B7C6E1E0A963317CF6983493BCA1413D78C0DD26C66B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:GIF89a.......(('6300.,999L>2+)'.,*F8*?81L>040,:4.H<0H=20/.N>062.=2(J<.:61,++741M@3J:,2.*:5010.F:.>6.<4,D;2B:2B8/,*(666.-,*))>704.(F6&N@0C90@6,H:,)'&82,>4*42/B6+1,'D8,92*84/60**('D7*L<.J>183.20-0,)888H;.=5.**);;;G8*C:0F;0@7.41-0-*80(..-B7,:3,RB3PA472-.+('&&2/,61,444,,+'''D9.>5,<2)4/*=3)J=0F7&80'81*E:/F<15.(<6/?6-F9,:1(C8-<3*6/(60)@5*E8+@5)K;-K>0K<-2-(;4-/+'?4)777322222333211/..531321100111-,,431951421M=-QA1000N>.F<2OA4@91O?/QB2///P@1+**---332QA2A92420<71840841=71QB3K?3210N@3320+++,,,***L<,...E;2520221<60PB3G<2PA2N>/21/P@0P?0K;+J:*31/L<-I9)I>3=70851D:1RA2310Q@1;61J>2J>3O@3A8/G=2M>-OA3<<<20.H8(110D:0//.++*J:+O>/PA3PA1H8)=60@80P?/;2)J9*N?053094/QC3K>1L?2@81B91L=,O>.L=.31.30-N@2I8)N=.O@1K:*J9)N=-A80O?.20/<5/Q@0N>-M=,OA2K:+E:0G7'--,L<+K;*L;,I:*4-(J;-:::H9*M?2B5)C6*K<+M<-I<....!.......,...............H. A(U.&4......H...!.h...cG8p..C....(..Y.%B.-Z..a.F..}.n.<.S..e@...F....HO.[...P.J.J...X.j....`..K...h.]...p..K.j..F..]...PX.|..r@...6i.....2HPv1I2..z =v.1...)F|H..A....\.u...

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 314

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):1827
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.922624752759458
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:qsE+7wdV+5F2ycasM7qW+MEyq7It/AnZLYgDVLAuUGh3tMZJZWrY3evJw/pEuV/X:nwK2usSqBMocwiuUkdMfcdZ9Xq
                                                                                                                                                                                                                                                                                      MD5:1162BEC186856E63A6CA207B04282816
                                                                                                                                                                                                                                                                                      SHA1:FCEA4D257DB4347396261FC4A80920DF84E7B2D9
                                                                                                                                                                                                                                                                                      SHA-256:63EEB9BAF46A801BCCB55EF3C1A60610E820D57F90814480A393A0EC8EDB36A3
                                                                                                                                                                                                                                                                                      SHA-512:B707D498EBBF4E164A6C70872E63270306809B70AEEBFAD3A7BA2F96DFB72EB73E102F50208C1DE4C5D62E6026E8A10F7D2057FA1AF83EA5014EEA587E499845
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/modules/user/user.css?s7978o
                                                                                                                                                                                                                                                                                      Preview:.#permissions td.module {. font-weight: bold;.}.#permissions td.permission {. padding-left: 1.5em; /* LTR */.}.#permissions tr.odd .form-item,.#permissions tr.even .form-item {. white-space: normal;.}.#user-admin-settings fieldset .fieldset-description {. font-size: 0.85em;. padding-bottom: .5em;.}../**. * Override default textfield float to put the "Add role" button next to. * the input textfield.. */.#user-admin-roles td.edit-name {. clear: both;.}.#user-admin-roles .form-item-name {. float: left; /* LTR */. margin-right: 1em; /* LTR */.}../**. * Password strength indicator.. */..password-strength {. width: 17em;. float: right; /* LTR */. margin-top: 1.4em;.}..password-strength-title {. display: inline;.}..password-strength-text {. float: right; /* LTR */. font-weight: bold;.}..password-indicator {. background-color: #C4C4C4;. height: 0.3em;. width: 100%;.}..password-indicator div {. height: 100%;. width: 0%;. background-color: #47C965;.}.input.password-confirm,.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 315

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):1150
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.278152832319807
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:H1bhIFarvMy3fhG6twikbauHcpZ62LWaVy1DxBBl2XP3LKQGUZUJTf:VtrvMQDwJWu8a2vy1DxD0frGUZUJTf
                                                                                                                                                                                                                                                                                      MD5:1973F711F31AB1F7610147CD152A6257
                                                                                                                                                                                                                                                                                      SHA1:1214DBB562B29CC1C9D4F83033FCDDA2E230A347
                                                                                                                                                                                                                                                                                      SHA-256:96DDD72A3C68D3390823E8246494C5305D61F884C4E27A78F72185DAA5BF9810
                                                                                                                                                                                                                                                                                      SHA-512:B8E2708348A3E898CC7B869CD69C78387E3274549DC97025D88884568BA5D8897DBDF9ACE1378079E396BE13374A7DDA5448372AFBECB5DDCCC276BD19252A36
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/default/files/favicon.ico
                                                                                                                                                                                                                                                                                      Preview:............ .h.......(....... ..... .............................kkm.jkn.....qje.jqxqYu..Ov..Ov..Yu..jqxqqje.....jkn.kkm.....kkm.jkn.....lorcEw...r...j...f...f...j...r..Ew..lorc....jkn.kkm.kkn.....hqz.(x...e...Z...[..._...`...[...Z...e..(x..hqz.....kkn.....lor`'z...f...u...........n...l...........u...f..'z..lor`....qjd.Fz...k...t..)...<UM.;_Z.........:`].;TL.)....t...k..Gz..qjd.jqxm.}...g......4...>+".A@3.!.......@D8.>*!.4........g...}..jqxm[z...z...l......7...F?9.GPG.-...+...GSL.G>7.7........l...z..[z..j........r......8...OHA.KQO.Luq.Kws.KRP.OH@.8........r......j...x...<...1...&...O...b]X.[``.\TQ.\SP.[`_.b^X.O...&...1...<...x......Q...K...O...{...........y...x...........z...O...K...Q..........wo...^...`...............w...s...............`...^...o......w........v...t...................................t...v..................l...................................................l.................................................................................s.........................

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 316

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 18 x 12, 2-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):121
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.8051133484266515
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:yionv//thPlKll0xgsQ6ctG2/uDlhlKFu9VYof/Xjp:6v/lhPwlGxTQl7/6TQkuofvjp
                                                                                                                                                                                                                                                                                      MD5:374286E7D8DF65E661BFAF685032A7D7
                                                                                                                                                                                                                                                                                      SHA1:BEA4737124DBEF1C0D796009953907FBDFADC14E
                                                                                                                                                                                                                                                                                      SHA-256:1DACE7B7005FCC6E236D32287D90537BD2470CD53563CE55B66F043CED2379DB
                                                                                                                                                                                                                                                                                      SHA-512:E02111DCC364AD176D8A5E8367E11572356DB67C0A94297D4D4AEA47286A500B7FBA454D2CBABA7A01BB6963624E5B8B952C92BE165F56E63C459BA1DF887BAE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.PNG........IHDR..............|./....PLTE........../......pHYs.................IDAT.[cX....0I\ ...0I.c-..N......IEND.B`.

                                                                                                                                                                                                                                                                                      Chrome Cache Entry: 317

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):509
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.824054466016141
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:JQOzH0ztYsNzA7LlIJf9tsR5EtGVIOP9mdNRdkVIy/EMFmdNRFaLv:Bmhjfrhs9mpwIymuv
                                                                                                                                                                                                                                                                                      MD5:0C78B9B65520315A2FB697DB36BB453E
                                                                                                                                                                                                                                                                                      SHA1:F7091F860F3A762111A3BBDE535D63CFCEBE46E0
                                                                                                                                                                                                                                                                                      SHA-256:C1247C6C6E2FA2A3B02F04886DEAC34F46CCEF66483B1C64C1347E6B95E158B9
                                                                                                                                                                                                                                                                                      SHA-512:BB0AFDA3C29CB9992B1C3090CAE81FCCA03E864A5204F30931B5949E1FC3CC4F7ADD361E666B09DBCB41E458A0FA6FF4E353465D3A42073FB4989EC2550F0B1C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.highmotionsoftware.com/sites/all/modules/ctools/css/ctools.css?s7978o
                                                                                                                                                                                                                                                                                      Preview:.ctools-locked {. color: red;. border: 1px solid red;. padding: 1em;.}...ctools-owns-lock {. background: #ffffdd none repeat scroll 0 0;. border: 1px solid #f0c020;. padding: 1em;.}..a.ctools-ajaxing,.input.ctools-ajaxing,.button.ctools-ajaxing,.select.ctools-ajaxing {. padding-right: 18px !important;. background: url(../images/status-active.gif) right center no-repeat;.}..div.ctools-ajaxing {. float: left;. width: 18px;. background: url(../images/status-active.gif) center center no-repeat;.}.

                                                                                                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.993975899608724
                                                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 98.45%
                                                                                                                                                                                                                                                                                      • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                                                                                                                                      • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                                                                                                                      • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                      File name:SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe
                                                                                                                                                                                                                                                                                      File size:25'216'120 bytes
                                                                                                                                                                                                                                                                                      MD5:34c8e1d5de3565d30012425d880ab514
                                                                                                                                                                                                                                                                                      SHA1:866082315a5cdea3d26d8edc905065f509158f61
                                                                                                                                                                                                                                                                                      SHA256:fb128fb5731c85a480df19fdb74925d5200b1729cf7478a088ec31c0ba944fba
                                                                                                                                                                                                                                                                                      SHA512:f8d2a87c628ea054bd8deaf2102a17c9a01b6aeb5f5d003b752cd72228c88c7ecf25074e2686e52c7256ab294c6425f8a96d708c7b54f6532cf9b5f4587034df
                                                                                                                                                                                                                                                                                      SSDEEP:786432:iP8vbf893+rQwwilBdoZGbyue5ZhB0VLcsN:uafDwy3oZWCzaJN
                                                                                                                                                                                                                                                                                      TLSH:3147333FF228613FD86E0B3205779250AA7BB6A16816CD1F47F4090DCF7A5701E3AA56
                                                                                                                                                                                                                                                                                      File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                                                                                                      Icon Hash:0f3d69696969338f

                                                                                                                                                                                                                                                                                      Static PE Info

                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                      Entrypoint:0x4b5eec
                                                                                                                                                                                                                                                                                      Entrypoint Section:.itext
                                                                                                                                                                                                                                                                                      Digitally signed:true
                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                      Time Stamp:0x6258476F [Thu Apr 14 16:10:23 2022 UTC]
                                                                                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                                                                                      OS Version Major:6
                                                                                                                                                                                                                                                                                      OS Version Minor:1
                                                                                                                                                                                                                                                                                      File Version Major:6
                                                                                                                                                                                                                                                                                      File Version Minor:1
                                                                                                                                                                                                                                                                                      Subsystem Version Major:6
                                                                                                                                                                                                                                                                                      Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                      Import Hash:e569e6f445d32ba23766ad67d1e3787f

                                                                                                                                                                                                                                                                                      Authenticode Signature

                                                                                                                                                                                                                                                                                      Signature Valid:true
                                                                                                                                                                                                                                                                                      Signature Issuer:CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                                                                                                                                                                                      Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                                                      Error Number:0
                                                                                                                                                                                                                                                                                      Not Before, Not After
                                                                                                                                                                                                                                                                                      • 27/01/2023 11:48:23 27/01/2026 11:48:23
                                                                                                                                                                                                                                                                                      Subject Chain
                                                                                                                                                                                                                                                                                      • CN=Bolide Software (Smirnov Maksim Yurievich IP), O=Bolide Software (Smirnov Maksim Yurievich IP), L=Tambov, S=Tambov Oblast, C=RU
                                                                                                                                                                                                                                                                                      Version:3
                                                                                                                                                                                                                                                                                      Thumbprint MD5:BE456B8525EFAF73A46A385823B7F4E3
                                                                                                                                                                                                                                                                                      Thumbprint SHA-1:3F906A52C0DF2761BAE27CF29300BFA51A99AA61
                                                                                                                                                                                                                                                                                      Thumbprint SHA-256:4F1F414CE24C873BA282AF14B2B3BE78D0786468F098D4053E42AF56BD3F33C6
                                                                                                                                                                                                                                                                                      Serial:202C87745513255EE9BE2862

                                                                                                                                                                                                                                                                                      Entrypoint Preview

                                                                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                                                                                                                                      add esp, FFFFFFA4h
                                                                                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                                                                                      push edi
                                                                                                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                                                                                                      mov dword ptr [ebp-3Ch], eax
                                                                                                                                                                                                                                                                                      mov dword ptr [ebp-40h], eax
                                                                                                                                                                                                                                                                                      mov dword ptr [ebp-5Ch], eax
                                                                                                                                                                                                                                                                                      mov dword ptr [ebp-30h], eax
                                                                                                                                                                                                                                                                                      mov dword ptr [ebp-38h], eax
                                                                                                                                                                                                                                                                                      mov dword ptr [ebp-34h], eax
                                                                                                                                                                                                                                                                                      mov dword ptr [ebp-2Ch], eax
                                                                                                                                                                                                                                                                                      mov dword ptr [ebp-28h], eax
                                                                                                                                                                                                                                                                                      mov dword ptr [ebp-14h], eax
                                                                                                                                                                                                                                                                                      mov eax, 004B14B8h
                                                                                                                                                                                                                                                                                      call 00007F4268A807E5h
                                                                                                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                                      push 004B65E2h
                                                                                                                                                                                                                                                                                      push dword ptr fs:[eax]
                                                                                                                                                                                                                                                                                      mov dword ptr fs:[eax], esp
                                                                                                                                                                                                                                                                                      xor edx, edx
                                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                                      push 004B659Eh
                                                                                                                                                                                                                                                                                      push dword ptr fs:[edx]
                                                                                                                                                                                                                                                                                      mov dword ptr fs:[edx], esp
                                                                                                                                                                                                                                                                                      mov eax, dword ptr [004BE634h]
                                                                                                                                                                                                                                                                                      call 00007F4268B232D7h
                                                                                                                                                                                                                                                                                      call 00007F4268B22E2Ah
                                                                                                                                                                                                                                                                                      lea edx, dword ptr [ebp-14h]
                                                                                                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                                                                                                      call 00007F4268A96284h
                                                                                                                                                                                                                                                                                      mov edx, dword ptr [ebp-14h]
                                                                                                                                                                                                                                                                                      mov eax, 004C1D84h
                                                                                                                                                                                                                                                                                      call 00007F4268A7B3D7h
                                                                                                                                                                                                                                                                                      push 00000002h
                                                                                                                                                                                                                                                                                      push 00000000h
                                                                                                                                                                                                                                                                                      push 00000001h
                                                                                                                                                                                                                                                                                      mov ecx, dword ptr [004C1D84h]
                                                                                                                                                                                                                                                                                      mov dl, 01h
                                                                                                                                                                                                                                                                                      mov eax, dword ptr [004238ECh]
                                                                                                                                                                                                                                                                                      call 00007F4268A97407h
                                                                                                                                                                                                                                                                                      mov dword ptr [004C1D88h], eax
                                                                                                                                                                                                                                                                                      xor edx, edx
                                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                                      push 004B654Ah
                                                                                                                                                                                                                                                                                      push dword ptr fs:[edx]
                                                                                                                                                                                                                                                                                      mov dword ptr fs:[edx], esp
                                                                                                                                                                                                                                                                                      call 00007F4268B2335Fh
                                                                                                                                                                                                                                                                                      mov dword ptr [004C1D90h], eax
                                                                                                                                                                                                                                                                                      mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                                                                                                      cmp dword ptr [eax+0Ch], 01h
                                                                                                                                                                                                                                                                                      jne 00007F4268B2957Ah
                                                                                                                                                                                                                                                                                      mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                                                                                                      mov edx, 00000028h
                                                                                                                                                                                                                                                                                      call 00007F4268A97CFCh
                                                                                                                                                                                                                                                                                      mov edx, dword ptr [004C1D90h]

                                                                                                                                                                                                                                                                                      Data Directories

                                                                                                                                                                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0xc40000x9a.edata
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0xc20000xfdc.idata
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xc70000x23944.rsrc
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x1809ed00x25a8
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0xc60000x18.rdata
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0xc22f40x254.idata
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0xc30000x1a4.didata
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                                                      Sections

                                                                                                                                                                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                                                      .text0x10000xb39e40xb3a0043af0a9476ca224d8e8461f1e22c94daFalse0.34525867693110646data6.357635049994181IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                      .itext0xb50000x16880x1800185e04b9a1f554e31f7f848515dc890cFalse0.54443359375data5.971425428435973IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                      .data0xb70000x37a40x3800cab2107c933b696aa5cf0cc6c3fd3980False0.36097935267857145data5.048648594372454IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                      .bss0xbb0000x6de80x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                      .idata0xc20000xfdc0x1000e7d1635e2624b124cfdce6c360ac21cdFalse0.3798828125data5.029087481102678IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                      .didata0xc30000x1a40x2008ced971d8a7705c98b173e255d8c9aa7False0.345703125data2.7509822285969876IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                      .edata0xc40000x9a0x2008d4e1e508031afe235bf121c80fd7d5fFalse0.2578125data1.877162954504408IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                      .tls0xc50000x180x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                      .rdata0xc60000x5d0x2008f2f090acd9622c88a6a852e72f94e96False0.189453125data1.3838943752217987IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                      .rsrc0xc70000x239440x23a00636a63a4b41dacc8ee32607aabb35edaFalse0.8755893640350877data7.644147419977551IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                                                      Resources

                                                                                                                                                                                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                                                      RT_ICON0xc75880xa9c6PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9951221756937094
                                                                                                                                                                                                                                                                                      RT_ICON0xd1f500xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.7009594882729211
                                                                                                                                                                                                                                                                                      RT_ICON0xd2df80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.782942238267148
                                                                                                                                                                                                                                                                                      RT_ICON0xd36a00x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.7897398843930635
                                                                                                                                                                                                                                                                                      RT_ICON0xd3c080x102b8PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9929490276603454
                                                                                                                                                                                                                                                                                      RT_ICON0xe3ec00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.5593360995850623
                                                                                                                                                                                                                                                                                      RT_ICON0xe64680x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.6076454033771107
                                                                                                                                                                                                                                                                                      RT_ICON0xe75100x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.7553191489361702
                                                                                                                                                                                                                                                                                      RT_STRING0xe79780x360data0.34375
                                                                                                                                                                                                                                                                                      RT_STRING0xe7cd80x260data0.3256578947368421
                                                                                                                                                                                                                                                                                      RT_STRING0xe7f380x45cdata0.4068100358422939
                                                                                                                                                                                                                                                                                      RT_STRING0xe83940x40cdata0.3754826254826255
                                                                                                                                                                                                                                                                                      RT_STRING0xe87a00x2d4data0.39226519337016574
                                                                                                                                                                                                                                                                                      RT_STRING0xe8a740xb8data0.6467391304347826
                                                                                                                                                                                                                                                                                      RT_STRING0xe8b2c0x9cdata0.6410256410256411
                                                                                                                                                                                                                                                                                      RT_STRING0xe8bc80x374data0.4230769230769231
                                                                                                                                                                                                                                                                                      RT_STRING0xe8f3c0x398data0.3358695652173913
                                                                                                                                                                                                                                                                                      RT_STRING0xe92d40x368data0.3795871559633027
                                                                                                                                                                                                                                                                                      RT_STRING0xe963c0x2a4data0.4275147928994083
                                                                                                                                                                                                                                                                                      RT_RCDATA0xe98e00x10data1.5
                                                                                                                                                                                                                                                                                      RT_RCDATA0xe98f00x2c4data0.6384180790960452
                                                                                                                                                                                                                                                                                      RT_RCDATA0xe9bb40x2cdata1.2045454545454546
                                                                                                                                                                                                                                                                                      RT_GROUP_ICON0xe9be00x76dataEnglishUnited States0.6864406779661016
                                                                                                                                                                                                                                                                                      RT_VERSION0xe9c580x584dataEnglishUnited States0.2811614730878187
                                                                                                                                                                                                                                                                                      RT_MANIFEST0xea1dc0x765XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.39091389329107235

                                                                                                                                                                                                                                                                                      Imports

                                                                                                                                                                                                                                                                                      DLLImport
                                                                                                                                                                                                                                                                                      kernel32.dllGetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
                                                                                                                                                                                                                                                                                      comctl32.dllInitCommonControls
                                                                                                                                                                                                                                                                                      version.dllGetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                                                                                                                                                                                                                                                                                      user32.dllCreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
                                                                                                                                                                                                                                                                                      oleaut32.dllSysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
                                                                                                                                                                                                                                                                                      netapi32.dllNetWkstaGetInfo, NetApiBufferFree
                                                                                                                                                                                                                                                                                      advapi32.dllConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW, AdjustTokenPrivileges, GetTokenInformation, ConvertSidToStringSidW, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

                                                                                                                                                                                                                                                                                      Exports

                                                                                                                                                                                                                                                                                      NameOrdinalAddress
                                                                                                                                                                                                                                                                                      TMethodImplementationIntercept30x4541a8
                                                                                                                                                                                                                                                                                      __dbk_fcall_wrapper20x40d0a0
                                                                                                                                                                                                                                                                                      dbkFCallWrapperAddr10x4be63c

                                                                                                                                                                                                                                                                                      Possible Origin

                                                                                                                                                                                                                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                                                      EnglishUnited States

                                                                                                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                                                                                                      Suricata IDS Alerts

                                                                                                                                                                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                                                      2024-10-08T00:41:17.749448+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.849782172.67.164.223443TCP
                                                                                                                                                                                                                                                                                      2024-10-08T00:41:18.495488+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.849787172.67.164.223443TCP

                                                                                                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:40:51.654856920 CEST49676443192.168.2.852.182.143.211
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:40:54.092324018 CEST49673443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:40:54.420546055 CEST4967780192.168.2.8192.229.211.108
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:40:54.467293024 CEST49672443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:40:56.010025024 CEST4434970723.206.229.226192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:40:56.010256052 CEST49707443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:05.352874041 CEST49708443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:05.352926970 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:05.353136063 CEST49708443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:05.356403112 CEST49708443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:05.356416941 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:06.020103931 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:06.020232916 CEST49708443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:06.079231024 CEST49708443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:06.079265118 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:06.079659939 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:06.123497009 CEST49708443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.224940062 CEST49708443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.267398119 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.441485882 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.441508055 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.441515923 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.441529036 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.441560030 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.441579103 CEST49708443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.441596985 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.441612005 CEST49708443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.441657066 CEST49708443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.442212105 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.442284107 CEST49708443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.442285061 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:07.442325115 CEST49708443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:08.652137041 CEST49708443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:08.652137041 CEST49708443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:08.652169943 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:08.652183056 CEST44349708172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:08.899439096 CEST49707443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:08.899631023 CEST49707443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:08.901501894 CEST49713443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:08.901534081 CEST4434971323.206.229.226192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:08.901669979 CEST49713443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:08.903865099 CEST49713443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:08.903877020 CEST4434971323.206.229.226192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:08.907046080 CEST4434970723.206.229.226192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:08.907871962 CEST4434970723.206.229.226192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:09.468292952 CEST4434971323.206.229.226192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:09.468367100 CEST49713443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.130177021 CEST49714443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.130220890 CEST44349714104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.130305052 CEST49714443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.131417036 CEST49714443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.131431103 CEST44349714104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.600033998 CEST44349714104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.602673054 CEST49714443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.602683067 CEST44349714104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.604167938 CEST44349714104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.604233027 CEST49714443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.629796982 CEST49714443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.629959106 CEST44349714104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.630009890 CEST49714443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.630009890 CEST49714443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.630106926 CEST49714443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.630492926 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.630547047 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.630597115 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.630976915 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.631006956 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.082660913 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.092839003 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.092863083 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.094010115 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.094079971 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.098934889 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.099006891 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.099133968 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.099142075 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.190175056 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.588917971 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.588948011 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.588973045 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.589004993 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.589009047 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.589020967 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.589045048 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.589057922 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.589116096 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.589121103 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.589551926 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.590204954 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.590253115 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.590260983 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.590302944 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.593575954 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.593734980 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.594193935 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.594203949 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.672862053 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.672959089 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.672986984 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.673043966 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.673070908 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.673116922 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.673315048 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.673356056 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.673363924 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.673398972 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.676043987 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.956958055 CEST49718443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.956995964 CEST44349718104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.053838968 CEST49719443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.053858995 CEST44349719104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.053950071 CEST49719443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.055073977 CEST49720443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.055116892 CEST44349720104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.055187941 CEST49720443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.055903912 CEST49721443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.055932045 CEST44349721104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.055993080 CEST49721443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.060359955 CEST49722443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.060369015 CEST44349722104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.060425043 CEST49722443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.060802937 CEST49723443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.060827017 CEST44349723104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.060880899 CEST49723443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.061872959 CEST49724443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.061939955 CEST44349724104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.061995983 CEST49724443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.101237059 CEST49719443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.101253033 CEST44349719104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.101444006 CEST49720443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.101465940 CEST44349720104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.101651907 CEST49721443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.101681948 CEST44349721104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.102121115 CEST49722443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.102133036 CEST44349722104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.102451086 CEST49723443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.102463961 CEST44349723104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.102818966 CEST49724443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.102845907 CEST44349724104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.109303951 CEST49725443192.168.2.813.32.27.32
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.109330893 CEST4434972513.32.27.32192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.109385014 CEST49725443192.168.2.813.32.27.32
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.109731913 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.109740019 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.109798908 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.110008955 CEST49725443192.168.2.813.32.27.32
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.110023022 CEST4434972513.32.27.32192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.110156059 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.110169888 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.545706034 CEST44349719104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.546890974 CEST49719443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.546911955 CEST44349719104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.548449993 CEST44349719104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.548506021 CEST49719443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.548902988 CEST49719443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.548916101 CEST49719443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.548964024 CEST49719443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.548998117 CEST44349719104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.549048901 CEST49719443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.549237013 CEST49729443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.549288988 CEST44349729104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.549346924 CEST49729443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.549542904 CEST49729443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.549556017 CEST44349729104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.554981947 CEST44349721104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.560043097 CEST44349724104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.561630011 CEST44349723104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.569014072 CEST44349720104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.574265003 CEST44349722104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.575571060 CEST49722443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.575588942 CEST44349722104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.575710058 CEST49720443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.575726032 CEST44349720104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.575829983 CEST49723443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.575836897 CEST44349723104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.576009035 CEST49724443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.576044083 CEST44349724104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.576328993 CEST49721443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.576339006 CEST44349721104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.576622009 CEST44349722104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.576682091 CEST49722443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.576746941 CEST44349720104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.576802015 CEST49720443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.576841116 CEST44349723104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.576894045 CEST49723443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.577378035 CEST44349721104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.577435017 CEST49721443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.578007936 CEST49720443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.578054905 CEST49720443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.578075886 CEST44349720104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.578119040 CEST49720443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.578253984 CEST44349720104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.578277111 CEST49720443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.578320980 CEST49720443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.578857899 CEST49730443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.578891039 CEST44349730104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.578958988 CEST49730443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.579830885 CEST44349724104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.579915047 CEST49724443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.580362082 CEST49722443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.580388069 CEST49722443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.580431938 CEST44349722104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.580431938 CEST49722443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.580476046 CEST49722443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.580908060 CEST49731443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.580935001 CEST44349731104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.580986977 CEST49731443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.581430912 CEST49723443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.581475973 CEST49723443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.581506014 CEST49723443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.581561089 CEST44349723104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.581615925 CEST49723443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.581743956 CEST49732443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.581779003 CEST44349732104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.581839085 CEST49732443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.582118034 CEST49721443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.582134962 CEST49721443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.582190037 CEST44349721104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.582220078 CEST49721443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.582247019 CEST49721443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.582505941 CEST49733443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.582526922 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.582572937 CEST49733443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.582796097 CEST49724443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.582874060 CEST49724443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.582951069 CEST49724443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.582984924 CEST44349724104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.583035946 CEST49724443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.583178997 CEST49734443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.583190918 CEST44349734104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.583245993 CEST49734443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.583365917 CEST49730443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.583379030 CEST44349730104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.583498955 CEST49731443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.583514929 CEST44349731104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.583674908 CEST49732443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.583694935 CEST44349732104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.583798885 CEST49733443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.583811998 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.583928108 CEST49734443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.583940029 CEST44349734104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.710099936 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.716526985 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.716541052 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.717283964 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.717343092 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.718094110 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.718147039 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.754096031 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.754276037 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.754538059 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.754564047 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.822953939 CEST4434972513.32.27.32192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.823206902 CEST49725443192.168.2.813.32.27.32
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.823223114 CEST4434972513.32.27.32192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.824325085 CEST4434972513.32.27.32192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.824377060 CEST49725443192.168.2.813.32.27.32
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.829097033 CEST49725443192.168.2.813.32.27.32
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.829170942 CEST4434972513.32.27.32192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.829267979 CEST49725443192.168.2.813.32.27.32
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.829278946 CEST4434972513.32.27.32192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.959403992 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.959450960 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.960383892 CEST49725443192.168.2.813.32.27.32
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.041117907 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.041177034 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.041251898 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.041268110 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.041300058 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.041538954 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.041547060 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.046986103 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.047091961 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.047102928 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.052911997 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.052959919 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.052969933 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.060643911 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.060702085 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.060710907 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.069644928 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.069988966 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.070003986 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.076395988 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.077006102 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.077022076 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.118490934 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.118751049 CEST49733443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.118766069 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.120033026 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.120176077 CEST49733443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.120765924 CEST49733443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.120852947 CEST49733443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.120857954 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.120937109 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.123589039 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.123670101 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.123719931 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.124007940 CEST44349730104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.124018908 CEST44349731104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.124404907 CEST49731443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.124417067 CEST44349731104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.124571085 CEST49730443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.124589920 CEST44349730104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.125454903 CEST44349731104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.125524044 CEST49731443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.125627995 CEST44349730104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.125704050 CEST49730443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.125859976 CEST49731443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.125925064 CEST44349731104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.126132965 CEST49730443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.126214981 CEST44349730104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.126259089 CEST49731443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.126267910 CEST44349731104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.126523972 CEST49730443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.126530886 CEST44349730104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.129996061 CEST44349732104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.130330086 CEST49732443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.130353928 CEST44349732104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.130521059 CEST44349734104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.130796909 CEST49734443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.130804062 CEST44349734104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.131702900 CEST44349732104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.131759882 CEST49732443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.132020950 CEST49732443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.132087946 CEST44349732104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.132267952 CEST49732443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.132277966 CEST44349732104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.132297993 CEST44349734104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.132380009 CEST49734443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.133220911 CEST49734443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.133220911 CEST49734443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.133232117 CEST44349734104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.133392096 CEST44349734104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.136976004 CEST44349729104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.137432098 CEST49729443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.137444019 CEST44349729104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.138524055 CEST44349729104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.138588905 CEST49729443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.138926983 CEST49729443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.138992071 CEST44349729104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.142147064 CEST49729443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.142158031 CEST44349729104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.156536102 CEST49726443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.156560898 CEST44349726142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.172965050 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.173010111 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.173125982 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.173883915 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.173894882 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.186358929 CEST49733443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.186359882 CEST49730443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.186358929 CEST49734443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.186388016 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.186393976 CEST49729443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.186399937 CEST44349734104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.244292021 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.244319916 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.244338989 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.244364977 CEST49733443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.244369984 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.244381905 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.244407892 CEST49733443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.244456053 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.244487047 CEST49733443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.244512081 CEST49733443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.247064114 CEST49733443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.247085094 CEST44349733104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.247503996 CEST49736443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.247561932 CEST44349736104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.247626066 CEST49736443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.248239040 CEST49736443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.248258114 CEST44349736104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.257260084 CEST49731443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.258639097 CEST49732443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270308018 CEST44349731104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270389080 CEST44349731104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270426989 CEST49731443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270442009 CEST44349731104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270457983 CEST44349731104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270502090 CEST49731443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270503044 CEST44349730104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270644903 CEST44349730104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270662069 CEST44349734104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270715952 CEST49730443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270726919 CEST44349732104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270803928 CEST49734443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270857096 CEST44349732104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270910025 CEST49732443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.270930052 CEST44349732104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.271018982 CEST44349732104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.271069050 CEST49732443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.271079063 CEST44349732104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.271150112 CEST44349732104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.271198988 CEST49732443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.271524906 CEST44349729104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.271595955 CEST44349729104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.271651983 CEST49729443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.275640011 CEST49730443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.275661945 CEST44349730104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.275978088 CEST49737443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.276015043 CEST44349737104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.276258945 CEST49737443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.277033091 CEST49737443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.277060032 CEST44349737104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.277295113 CEST49734443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.277312040 CEST44349734104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.277796984 CEST49738443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.277806997 CEST44349738104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.277858019 CEST49732443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.277877092 CEST44349732104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.277908087 CEST49738443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.278446913 CEST49739443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.278493881 CEST44349739104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.278664112 CEST49731443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.278682947 CEST44349731104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.278688908 CEST49739443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.278923988 CEST49740443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.278950930 CEST44349740104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.279031992 CEST49740443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.279656887 CEST49738443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.279670000 CEST44349738104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.280025959 CEST49739443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.280050039 CEST44349739104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.280283928 CEST49740443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.280297041 CEST44349740104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.282753944 CEST49729443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.282766104 CEST44349729104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.283111095 CEST49741443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.283152103 CEST44349741104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.283214092 CEST49741443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.283757925 CEST49741443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.283776045 CEST44349741104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.548091888 CEST4434972513.32.27.32192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.548175097 CEST4434972513.32.27.32192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.548604965 CEST49725443192.168.2.813.32.27.32
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.549025059 CEST49725443192.168.2.813.32.27.32
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.549043894 CEST4434972513.32.27.32192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.556462049 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.556514025 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.556582928 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.556819916 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.556835890 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.701683998 CEST44349736104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.702013016 CEST49736443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.702033043 CEST44349736104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.703000069 CEST44349736104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.703053951 CEST49736443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.703432083 CEST49736443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.703463078 CEST49736443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.703514099 CEST49736443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.703763962 CEST44349736104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.703830004 CEST49736443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.703974962 CEST49743443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.704015017 CEST44349743104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.704085112 CEST49743443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.704273939 CEST49743443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.704288960 CEST44349743104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.723414898 CEST44349739104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.723470926 CEST44349741104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.723689079 CEST49739443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.723704100 CEST44349739104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.723870039 CEST49741443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.723891020 CEST44349741104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.724723101 CEST44349739104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.724803925 CEST49739443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.724993944 CEST44349741104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.725023031 CEST44349737104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.725054026 CEST49741443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.725202084 CEST49739443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.725220919 CEST49739443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.725260019 CEST49739443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.725264072 CEST44349739104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.725403070 CEST44349739104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.725409985 CEST49739443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.725455999 CEST49739443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.725794077 CEST49744443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.725816965 CEST44349744104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.725920916 CEST49741443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.725938082 CEST49741443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.725966930 CEST49741443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.726001978 CEST44349741104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.726119041 CEST49744443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.726119995 CEST49745443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.726140022 CEST49741443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.726159096 CEST44349745104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.726234913 CEST49745443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.726490974 CEST49737443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.726500034 CEST44349737104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.726613998 CEST49744443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.726627111 CEST44349744104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.726758003 CEST49745443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.726773977 CEST44349745104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.726875067 CEST44349738104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.727406025 CEST49738443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.727422953 CEST44349738104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.727612019 CEST44349737104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.727679014 CEST49737443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728180885 CEST49746443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728193998 CEST44349746104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728254080 CEST49746443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728306055 CEST49737443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728306055 CEST49737443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728306055 CEST49737443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728383064 CEST44349737104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728404045 CEST49746443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728420019 CEST44349746104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728441000 CEST44349738104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728499889 CEST49737443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728499889 CEST49738443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728749037 CEST49738443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728749037 CEST49738443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728822947 CEST44349738104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728841066 CEST49738443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.728913069 CEST49738443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.729021072 CEST49747443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.729037046 CEST44349747104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.729271889 CEST49747443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.729532957 CEST49747443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.729541063 CEST44349747104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.731426001 CEST44349740104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.731823921 CEST49740443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.731841087 CEST44349740104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.732817888 CEST44349740104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.732876062 CEST49740443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.733246088 CEST49740443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.733246088 CEST49740443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.733304977 CEST44349740104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.733357906 CEST49740443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.733357906 CEST49740443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.733536005 CEST49748443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.733563900 CEST44349748104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.733620882 CEST49748443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.733798981 CEST49748443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.733812094 CEST44349748104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.784307003 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.793426991 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.793457985 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.795068026 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.858515024 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.858680010 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.858692884 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.858711958 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.874433041 CEST49749443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.874481916 CEST44349749142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.874555111 CEST49749443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.874835014 CEST49749443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.874850988 CEST44349749142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.993395090 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.052345991 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.052550077 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.052620888 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.052639008 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.052669048 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.052807093 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.054290056 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.058100939 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.058269024 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.058283091 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.065066099 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.065143108 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.065155983 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.069914103 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.070164919 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.070173025 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.075766087 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.078196049 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.078203917 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.082326889 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.082495928 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.082576990 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.162298918 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.164345980 CEST44349745104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.165990114 CEST44349747104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.168396950 CEST44349743104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.180232048 CEST44349748104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.185317039 CEST44349746104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.191968918 CEST44349744104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.220196009 CEST49746443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.220216990 CEST44349746104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.220329046 CEST49748443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.220354080 CEST44349748104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.220422029 CEST49743443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.220432997 CEST44349743104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.220515966 CEST49747443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.220526934 CEST44349747104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.220612049 CEST49745443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.220623016 CEST44349745104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.220755100 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.220767975 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.220952034 CEST49744443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.220963001 CEST44349744104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.221242905 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.221328974 CEST44349746104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.221379995 CEST49746443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.221438885 CEST44349748104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.221494913 CEST49748443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.221627951 CEST44349747104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.221637011 CEST44349747104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.221684933 CEST49747443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.221774101 CEST44349745104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.221786022 CEST44349745104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.221820116 CEST49745443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.221980095 CEST44349744104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.222038031 CEST49744443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.222294092 CEST44349743104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.222311974 CEST44349743104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.222366095 CEST49743443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.223951101 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.224026918 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.224423885 CEST49743443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.224514008 CEST44349743104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.226835012 CEST49744443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.226906061 CEST44349744104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.227139950 CEST49745443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.227236032 CEST44349745104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.227689981 CEST49747443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.227765083 CEST44349747104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.228624105 CEST49748443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.228727102 CEST44349748104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.229198933 CEST49746443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.229305983 CEST44349746104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.229984045 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.230043888 CEST49743443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.230052948 CEST44349743104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.230184078 CEST49744443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.230191946 CEST44349744104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.230343103 CEST49745443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.230364084 CEST44349745104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.230389118 CEST49747443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.230396986 CEST44349747104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.230448961 CEST49748443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.230458975 CEST44349748104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.230494976 CEST49746443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.230504036 CEST44349746104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.265553951 CEST49735443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.265578985 CEST44349735142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.275402069 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.288659096 CEST49747443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.288674116 CEST49744443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.288675070 CEST49743443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.288678885 CEST49748443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.335671902 CEST44349747104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.335743904 CEST44349747104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.335971117 CEST49747443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.338560104 CEST44349748104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.338670015 CEST44349748104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.338939905 CEST49748443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.339901924 CEST44349744104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.339961052 CEST44349744104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.340056896 CEST49744443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.342928886 CEST44349743104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.343044996 CEST44349743104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.343103886 CEST49743443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.344809055 CEST44349746104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.344849110 CEST44349746104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.344861984 CEST49746443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.344882965 CEST44349746104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.344930887 CEST44349746104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.344974995 CEST44349746104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.344985008 CEST49746443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.345093012 CEST49746443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.348673105 CEST49748443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.348689079 CEST44349748104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.349030018 CEST49750443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.349065065 CEST44349750104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.349190950 CEST49750443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.349824905 CEST49750443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.349839926 CEST44349750104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.351085901 CEST49747443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.351099014 CEST44349747104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.351444960 CEST49751443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.351469994 CEST44349751104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.351754904 CEST49751443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.352330923 CEST49745443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.353346109 CEST49751443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.353377104 CEST44349751104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.353768110 CEST49744443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.353774071 CEST44349744104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.354137897 CEST49752443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.354161978 CEST44349752104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.354243994 CEST49752443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.355314016 CEST49752443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.355328083 CEST44349752104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.355582952 CEST49743443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.355603933 CEST44349743104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.355830908 CEST49753443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.355851889 CEST44349753104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.355978966 CEST49753443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.356826067 CEST49753443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.356834888 CEST44349753104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.359452963 CEST49746443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.359471083 CEST44349746104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.359755039 CEST49755443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.359766960 CEST44349755104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.359827995 CEST49755443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.360549927 CEST49755443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.360563993 CEST44349755104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.422593117 CEST44349745104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.422724962 CEST44349745104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.422779083 CEST49745443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.422807932 CEST44349745104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.422872066 CEST44349745104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.422924995 CEST49745443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.424933910 CEST49745443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.424949884 CEST44349745104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.425286055 CEST49756443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.425309896 CEST44349756104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.425396919 CEST49756443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.426095009 CEST49756443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.426107883 CEST44349756104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.463013887 CEST49713443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.463063955 CEST49713443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.483217955 CEST44349749142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.483563900 CEST49749443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.483577013 CEST44349749142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.483659029 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.483705044 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.483740091 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.483798981 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.483809948 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.483859062 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.484623909 CEST44349749142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.484697104 CEST49749443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.484729052 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.486100912 CEST49749443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.486185074 CEST44349749142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.489351034 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.489377975 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.489399910 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.489409924 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.489480972 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.495304108 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.501266003 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.501300097 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.501323938 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.501333952 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.501374006 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.507219076 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.565238953 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.565301895 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.565314054 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.566148043 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.566195011 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.566203117 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.568140030 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.568186045 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.568202972 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.574665070 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.574728012 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.575037956 CEST49742443192.168.2.8142.250.186.78
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.575052977 CEST44349742142.250.186.78192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.589693069 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.589720011 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.589838982 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.590051889 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.590068102 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.680563927 CEST49749443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.680597067 CEST44349749142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.789155960 CEST49749443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.797709942 CEST44349751104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.803169966 CEST44349755104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.803622007 CEST44349753104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.813214064 CEST49751443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.813239098 CEST44349751104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.813404083 CEST44349752104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.813560963 CEST49753443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.813577890 CEST44349753104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.813663960 CEST49755443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.813683987 CEST44349755104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.813752890 CEST49752443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.813760042 CEST44349752104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.814598083 CEST44349751104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.814608097 CEST44349753104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.814694881 CEST49751443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.814805031 CEST44349752104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.814858913 CEST49753443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.814888954 CEST49752443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.817341089 CEST44349755104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.817418098 CEST49755443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.818625927 CEST49753443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.818686008 CEST44349753104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.818779945 CEST49753443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.818784952 CEST44349753104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.818840027 CEST49753443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.818852901 CEST49753443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.819118977 CEST49758443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.819142103 CEST44349758104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.819310904 CEST49758443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.819797993 CEST49751443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.819870949 CEST44349751104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.820081949 CEST49751443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.820081949 CEST49751443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.820100069 CEST44349751104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.820108891 CEST49751443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.820158958 CEST49751443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.820348024 CEST49759443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.820385933 CEST44349759104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.820501089 CEST49759443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.820751905 CEST49752443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.820861101 CEST49752443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.820897102 CEST44349752104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.820907116 CEST49752443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.820981026 CEST49752443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.821238041 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.821247101 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.821643114 CEST49755443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.821655989 CEST49755443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.821686029 CEST49755443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.821697950 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.821850061 CEST44349755104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.821867943 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.821877956 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.821916103 CEST49755443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.821959972 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.822292089 CEST49758443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.822304964 CEST44349758104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.822444916 CEST49759443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.822463036 CEST44349759104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.822559118 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.822571039 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.822791100 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.822802067 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.826206923 CEST44349750104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.829544067 CEST49750443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.829555035 CEST44349750104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.830637932 CEST44349750104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.830779076 CEST49750443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.832268000 CEST49750443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.832278967 CEST49750443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.832321882 CEST49750443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.832333088 CEST44349750104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.832425117 CEST49750443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.832643986 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.832653046 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.832916021 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.833079100 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.833090067 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.872114897 CEST44349756104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.872379065 CEST49756443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.872389078 CEST44349756104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.873430967 CEST44349756104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.873509884 CEST49756443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.874104023 CEST49756443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.874176979 CEST44349756104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.874197960 CEST49756443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.874197960 CEST49756443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.874347925 CEST44349756104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.874409914 CEST49756443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.874409914 CEST49763443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.874409914 CEST49756443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.874439001 CEST44349763104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.874572992 CEST49763443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.879575968 CEST49763443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.879590034 CEST44349763104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.211350918 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.216864109 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.216878891 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.217448950 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.217511892 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.218287945 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.218452930 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.219072104 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.219158888 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.219263077 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.219276905 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.271450043 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.272706032 CEST44349759104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.273008108 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.273025990 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.273226976 CEST49759443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.273233891 CEST44349759104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.274185896 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.274296999 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.274367094 CEST44349759104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.274437904 CEST49759443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.274655104 CEST44349758104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.275404930 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.279364109 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.282480955 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.282495022 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.283102989 CEST49758443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.283111095 CEST44349758104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.283654928 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.283720970 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.284176111 CEST44349758104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.284251928 CEST49758443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.284723043 CEST49759443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.284826040 CEST44349759104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.285298109 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.285419941 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.293102026 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.293109894 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.293924093 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.294061899 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.294290066 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.294385910 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.294785023 CEST49758443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.294869900 CEST44349758104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.295936108 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.296024084 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.296446085 CEST49759443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.296472073 CEST44349759104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.296490908 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.296509027 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.296510935 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.296518087 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.296988964 CEST49758443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.296994925 CEST44349758104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.297188044 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.297194004 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.315978050 CEST44349763104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.316488028 CEST49763443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.316519976 CEST44349763104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.317970991 CEST44349763104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.318067074 CEST49763443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.318420887 CEST49763443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.318500996 CEST44349763104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.318576097 CEST49763443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.350091934 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.350114107 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.350114107 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.350207090 CEST49759443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.359412909 CEST44349763104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.382051945 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.382052898 CEST49763443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.382061005 CEST49758443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.382074118 CEST44349763104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.400901079 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.400960922 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.400994062 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.401022911 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.401055098 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.401056051 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.401074886 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.401102066 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.401103020 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.401123047 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.401128054 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.401169062 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.401197910 CEST44349758104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.401242018 CEST44349758104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.401283979 CEST49758443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.401292086 CEST44349758104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.401561975 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402041912 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402122021 CEST44349758104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402179956 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402179956 CEST49758443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402188063 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402221918 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402272940 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402312040 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402321100 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402327061 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402364969 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402368069 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402379990 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402420044 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402726889 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402771950 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.402831078 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.403450966 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.403486013 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.403505087 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.403511047 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.403543949 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.403552055 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.403557062 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.403594971 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.407048941 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.408494949 CEST49758443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.408510923 CEST44349758104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.408941984 CEST49765443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.408977985 CEST44349765104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.409048080 CEST49765443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.409188986 CEST49762443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.409193993 CEST44349762104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.409658909 CEST49766443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.409667015 CEST44349766104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.410188913 CEST49766443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.410492897 CEST49765443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.410516024 CEST44349765104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.410984993 CEST49766443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.410991907 CEST44349766104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.415482998 CEST44349759104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.415584087 CEST44349759104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.415653944 CEST49759443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.416762114 CEST49759443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.416779995 CEST44349759104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.417520046 CEST49767443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.417567968 CEST44349767104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.417644978 CEST49767443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.418165922 CEST49767443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.418180943 CEST44349767104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.429336071 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.429389000 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.429419994 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.429446936 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.429483891 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.429522991 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.429522991 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.429522991 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.429536104 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.430027008 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.430124998 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.430223942 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.430232048 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.430794954 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.430870056 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.430876017 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.432962894 CEST49768443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.433012962 CEST44349768104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.433089972 CEST49769443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.433125019 CEST49768443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.433125973 CEST44349769104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.433182001 CEST49769443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.433615923 CEST49769443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.433633089 CEST44349769104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.433818102 CEST49768443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.433829069 CEST44349768104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.434392929 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.434601068 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.434607983 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.443922997 CEST44349763104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.443974018 CEST44349763104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.444000006 CEST49763443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.444015026 CEST44349763104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.444056988 CEST44349763104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.444103956 CEST49763443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.444103956 CEST49763443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.446072102 CEST49763443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.446080923 CEST44349763104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.446518898 CEST49770443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.446536064 CEST44349770104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.447166920 CEST49770443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.447451115 CEST49770443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.447463989 CEST44349770104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.450027943 CEST49771443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.450089931 CEST44349771104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.450159073 CEST49771443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.450407982 CEST49771443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.450419903 CEST44349771104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.460481882 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.471940041 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.472008944 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.472059011 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.472101927 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.472120047 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.472230911 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.472516060 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.478068113 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.478123903 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.478141069 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.485155106 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.485265017 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.485274076 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.493500948 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.493577957 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.493613005 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.493660927 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.493674040 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.493731022 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.493921995 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.493988991 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494021893 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494035006 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494040966 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494085073 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494117022 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494122982 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494164944 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494679928 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494765043 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494798899 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494841099 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494843006 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494853973 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494893074 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494898081 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.494940042 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.495596886 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.495704889 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.495778084 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.495784998 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.495935917 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.495981932 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.495990992 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.495995998 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.496042013 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.496069908 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.496076107 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.496155024 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.497884035 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.497986078 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.497997046 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.508938074 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.509033918 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.509051085 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.517985106 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.518044949 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.518577099 CEST49760443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.518599987 CEST44349760104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.518820047 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.518879890 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.518887997 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.519207954 CEST49772443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.519251108 CEST44349772104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.519309998 CEST49772443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.520071983 CEST49772443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.520083904 CEST44349772104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.558367968 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.558398008 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.558424950 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.558439970 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.558583021 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.559573889 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.566807985 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.566859961 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.567045927 CEST49757443192.168.2.8216.58.206.46
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.567059040 CEST44349757216.58.206.46192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.624707937 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.624753952 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.624775887 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.624829054 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.624842882 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.624857903 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.624871969 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.624897003 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.624916077 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.624933958 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.624943018 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.624957085 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.624977112 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.625159025 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.625222921 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.625231981 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.625472069 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.625547886 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.625557899 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.625597954 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.625715971 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.625770092 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.625777960 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.625808954 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.625869036 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.628144026 CEST49761443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.628160000 CEST44349761104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.685245991 CEST49775443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.685290098 CEST44349775104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.685399055 CEST49775443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.685698032 CEST49775443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.685712099 CEST44349775104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.881309986 CEST44349768104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.883951902 CEST49768443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.883982897 CEST44349768104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.884305000 CEST44349767104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.885040045 CEST44349768104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.885116100 CEST49768443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.886477947 CEST49767443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.886495113 CEST44349767104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.886852026 CEST49768443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.886884928 CEST49768443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.886969090 CEST49768443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.887063026 CEST44349768104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.887209892 CEST49768443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.887463093 CEST49776443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.887500048 CEST44349776104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.887587070 CEST44349767104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.887651920 CEST44349771104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.887681961 CEST49767443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.887684107 CEST49776443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.887850046 CEST49776443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.887862921 CEST44349776104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.888129950 CEST49767443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.888140917 CEST49767443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.888184071 CEST49767443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.888362885 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.888401031 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.888448000 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.888575077 CEST49771443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.888591051 CEST44349771104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.888681889 CEST44349767104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.888706923 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.888725996 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.888736010 CEST49767443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.889633894 CEST44349771104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.889687061 CEST49771443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.889940023 CEST49771443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.889940023 CEST49771443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.889976025 CEST49771443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.890002012 CEST44349771104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.890131950 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.890142918 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.890151978 CEST44349771104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.890162945 CEST49771443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.890218019 CEST49771443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.890331030 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.890433073 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.890451908 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.891161919 CEST44349766104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.893224955 CEST49766443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.893239975 CEST44349766104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.894340038 CEST44349766104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.894411087 CEST49766443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.894763947 CEST49766443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.894764900 CEST49766443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.894788980 CEST49766443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.894836903 CEST44349766104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.895010948 CEST49779443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.895010948 CEST49766443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.895034075 CEST44349779104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.895279884 CEST49779443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.895498991 CEST49779443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.895509005 CEST44349779104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.899117947 CEST44349765104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.899553061 CEST49765443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.899566889 CEST44349765104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.900732994 CEST44349765104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.900793076 CEST49765443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.902157068 CEST49765443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.902170897 CEST49765443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.902223110 CEST44349765104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.902252913 CEST44349769104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.902261972 CEST49765443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.902281046 CEST49765443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.902489901 CEST49780443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.902523994 CEST44349780104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.902591944 CEST49780443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.903043032 CEST49769443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.903059006 CEST44349769104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.903219938 CEST49780443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.903234959 CEST44349780104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.904717922 CEST44349769104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.904791117 CEST49769443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.905112982 CEST49769443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.905158997 CEST49769443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.905200958 CEST49769443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.905201912 CEST44349769104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.905246973 CEST49769443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.905478954 CEST49781443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.905514956 CEST44349781104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.905682087 CEST49781443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.905733109 CEST49781443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.905744076 CEST44349781104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.912853956 CEST44349770104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.913048029 CEST49770443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.913062096 CEST44349770104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.913878918 CEST49782443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.913909912 CEST44349782172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.913985014 CEST49782443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.914478064 CEST44349770104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.914556980 CEST49770443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.914907932 CEST49770443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.914927959 CEST49770443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.914988041 CEST44349770104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.915018082 CEST49770443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.915050030 CEST49770443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.915301085 CEST49783443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.915318966 CEST44349783104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.915514946 CEST49783443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.915795088 CEST49783443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.915807962 CEST44349783104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.915935040 CEST49782443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.915956020 CEST44349782172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.997250080 CEST44349772104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.997484922 CEST49772443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.997504950 CEST44349772104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.998616934 CEST44349772104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.998671055 CEST49772443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.998972893 CEST49772443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.998972893 CEST49772443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.999039888 CEST44349772104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.999058962 CEST49772443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.999219894 CEST44349772104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.999250889 CEST49772443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.999277115 CEST49772443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.999480963 CEST49784443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.999519110 CEST44349784104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.999633074 CEST49784443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.999806881 CEST49784443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.999823093 CEST44349784104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.121462107 CEST44349775104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.126568079 CEST49775443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.126594067 CEST44349775104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.127756119 CEST44349775104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.127882957 CEST49775443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.128161907 CEST49775443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.128161907 CEST49775443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.128196955 CEST49775443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.128233910 CEST44349775104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.128403902 CEST49775443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.128570080 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.128606081 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.128809929 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.128926039 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.128935099 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.324810982 CEST44349776104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.328357935 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.331425905 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.331443071 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.331559896 CEST49776443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.331573009 CEST44349776104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.332526922 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.332659006 CEST44349776104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.332710981 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.332712889 CEST49776443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.333192110 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.333260059 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.333472967 CEST49776443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.333554029 CEST44349776104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.334127903 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.334137917 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.334254980 CEST49776443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.334266901 CEST44349776104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.335552931 CEST44349779104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.335771084 CEST49779443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.335792065 CEST44349779104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.336879969 CEST44349779104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.336929083 CEST49779443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.337414026 CEST49779443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.337460995 CEST44349779104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.337587118 CEST49779443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.337591887 CEST44349779104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.362235069 CEST44349780104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.362534046 CEST44349783104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.362694025 CEST49780443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.362704039 CEST44349780104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.362852097 CEST49783443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.362859964 CEST44349783104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.363768101 CEST44349780104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.363828897 CEST49780443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.364300013 CEST44349783104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.364355087 CEST49783443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.365734100 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.366712093 CEST49780443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.366796970 CEST44349780104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.367245913 CEST49783443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.367335081 CEST44349783104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.367588043 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.367604971 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.367635965 CEST49780443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.367649078 CEST44349780104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.367798090 CEST49783443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.367805958 CEST44349783104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.368592024 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.368850946 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.369127989 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.369189024 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.369374037 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.369381905 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.371731043 CEST44349781104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.372864008 CEST49781443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.372878075 CEST44349781104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.374313116 CEST44349781104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.374377966 CEST49781443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.379854918 CEST49781443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.379954100 CEST44349781104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.381779909 CEST44349782172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.381886959 CEST49782443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.384540081 CEST49781443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.384556055 CEST44349781104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.392095089 CEST49782443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.392108917 CEST44349782172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.392349005 CEST44349782172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.392443895 CEST49782443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.393625021 CEST49782443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.435408115 CEST44349782172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.450120926 CEST44349784104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.459492922 CEST44349776104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.459536076 CEST44349776104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.459625959 CEST44349776104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.459646940 CEST49776443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460289955 CEST49776443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460453033 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460480928 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460505009 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460506916 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460520029 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460572004 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460582972 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460618973 CEST44349779104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460671902 CEST49779443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460681915 CEST44349779104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460714102 CEST44349779104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460741043 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460750103 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.460791111 CEST49779443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.461055040 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.461144924 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.461230040 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.461236954 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.461250067 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.461365938 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.461466074 CEST49780443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.463444948 CEST49783443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.466670990 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.466759920 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.466768980 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.483818054 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.484520912 CEST49781443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.491209030 CEST44349783104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.491341114 CEST44349783104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.491456032 CEST49783443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.491458893 CEST44349783104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.491489887 CEST44349783104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.491542101 CEST49783443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.491614103 CEST44349783104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.491767883 CEST44349783104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.493057013 CEST49783443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.502753973 CEST44349781104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.502835035 CEST44349781104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.502887011 CEST44349781104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.502928972 CEST49781443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.502942085 CEST44349781104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.502955914 CEST44349781104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.502988100 CEST49781443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.503067017 CEST49781443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.508699894 CEST44349780104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.508744955 CEST44349780104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.508781910 CEST44349780104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.508836031 CEST49780443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.508842945 CEST44349780104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.508865118 CEST44349780104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.508920908 CEST49780443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.514944077 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.515028954 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.515058994 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.515093088 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.515111923 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.515137911 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.515153885 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.515477896 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.515512943 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.515583992 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.515584946 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.515595913 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.515645027 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.516237974 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.516297102 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.516311884 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.516324997 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.516380072 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.549469948 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.549603939 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.549616098 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.549761057 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.549910069 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.549952984 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.550035000 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.581248045 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.584801912 CEST49784443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.688270092 CEST49786443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.688313961 CEST44349786104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.688390017 CEST49786443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.689464092 CEST49786443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.689479113 CEST44349786104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.739216089 CEST49784443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.739233017 CEST44349784104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.740505934 CEST44349784104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.740516901 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.740528107 CEST44349784104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.740544081 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.740600109 CEST49784443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.741014004 CEST49784443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.741095066 CEST44349784104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.741183996 CEST49784443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.741190910 CEST44349784104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.741846085 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.741861105 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.741931915 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.742799997 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.742908001 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.743237972 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.743247032 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.749516964 CEST44349782172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.749577999 CEST49782443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.749579906 CEST44349782172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.749625921 CEST49782443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.749984980 CEST49779443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.750036001 CEST44349779104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.751133919 CEST49781443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.751166105 CEST44349781104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.752734900 CEST49777443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.752752066 CEST44349777104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.753546953 CEST49776443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.753582954 CEST44349776104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.754350901 CEST49778443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.754357100 CEST44349778104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.755040884 CEST49780443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.755057096 CEST44349780104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.760855913 CEST49782443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.760874033 CEST44349782172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.761265039 CEST49783443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.761276007 CEST44349783104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.765453100 CEST49787443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.765475035 CEST44349787172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.765542030 CEST49787443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.769625902 CEST49787443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.769640923 CEST44349787172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.850631952 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.874738932 CEST44349784104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.874813080 CEST44349784104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.874897003 CEST49784443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.874897003 CEST49784443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.878442049 CEST49784443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.878478050 CEST44349784104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.892618895 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.892741919 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.892808914 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.892838001 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.892837048 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.892858028 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.892884970 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.892920971 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.892920971 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.892934084 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.893064022 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.893201113 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.893210888 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.893785000 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.894107103 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.894115925 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.897625923 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.897828102 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.897839069 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.904098988 CEST49789443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.904144049 CEST44349789104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.904428005 CEST49789443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.920012951 CEST49790443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.920064926 CEST44349790104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.920221090 CEST49790443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.949367046 CEST49791443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.949413061 CEST44349791104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.949639082 CEST49791443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.950300932 CEST49792443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.950331926 CEST44349792104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.950467110 CEST49792443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.950721025 CEST49793443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.950767040 CEST44349793104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.950819969 CEST49793443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.951616049 CEST49794443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.951623917 CEST44349794104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.951972008 CEST49794443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.952472925 CEST49789443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.952502012 CEST44349789104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.953145027 CEST49790443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.953156948 CEST44349790104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.954493046 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.954531908 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.954674006 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.956931114 CEST49791443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.956954956 CEST44349791104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.957772017 CEST49792443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.957787037 CEST44349792104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.958086014 CEST49793443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.958100080 CEST44349793104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.958545923 CEST49794443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.958554983 CEST44349794104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.958753109 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.958781004 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.959646940 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.960588932 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.960624933 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.960720062 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.961064100 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.961078882 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.975049019 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.975157976 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.975188971 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.975215912 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.975225925 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.975351095 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.975461006 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.975552082 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.975578070 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.975600004 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.975608110 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.975727081 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.976438046 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.976507902 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.976538897 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.976586103 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.976603985 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.976613045 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.976665974 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.977319002 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.977349997 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.977372885 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.977379084 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.977394104 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.977447987 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.977498055 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.977498055 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.977507114 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.978264093 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.978293896 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.978363037 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.978372097 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.978441954 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.016057968 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.057739019 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.057780027 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.057796001 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.057809114 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.057848930 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.057879925 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.057888985 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.057977915 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.058156013 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.058201075 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.058479071 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.058487892 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.058556080 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.058636904 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.058700085 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.058753967 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.058854103 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.059585094 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.059640884 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.059663057 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.059679985 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.059699059 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.059767008 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.060507059 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.060596943 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.060607910 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.060635090 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.060683966 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.060683966 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.061192989 CEST49785443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.061219931 CEST44349785104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.080966949 CEST49798443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.081018925 CEST44349798184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.081080914 CEST49798443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.082746029 CEST49798443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.082761049 CEST44349798184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.119877100 CEST49799443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.119913101 CEST44349799104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.119996071 CEST49799443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.120768070 CEST49800443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.120825052 CEST44349800104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.120894909 CEST49800443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.121246099 CEST49801443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.121285915 CEST44349801104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.121340990 CEST49801443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.121618032 CEST49802443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.121625900 CEST44349802104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.121670961 CEST49802443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.122080088 CEST49803443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.122108936 CEST44349803104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.122169018 CEST49803443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.122885942 CEST49799443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.122904062 CEST44349799104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.123359919 CEST49800443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.123409033 CEST44349800104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.123678923 CEST49801443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.123697996 CEST44349801104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.124017954 CEST49802443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.124032021 CEST44349802104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.124227047 CEST49803443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.124247074 CEST44349803104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.184297085 CEST44349786104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.184395075 CEST49786443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.201011896 CEST49786443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.201030016 CEST44349786104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.201376915 CEST44349786104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.201426983 CEST49786443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.201824903 CEST49786443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.247411013 CEST44349786104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.275526047 CEST44349787172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.275593996 CEST49787443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.276124001 CEST49787443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.276138067 CEST44349787172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.276372910 CEST49787443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.276380062 CEST44349787172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.336122990 CEST44349786104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.336184978 CEST49786443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.336201906 CEST44349786104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.336246014 CEST49786443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.339411020 CEST49786443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.339432955 CEST44349786104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.395006895 CEST44349789104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.395306110 CEST49789443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.395328045 CEST44349789104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.396455050 CEST44349789104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.396513939 CEST49789443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.397150993 CEST44349791104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.397820950 CEST44349792104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.398293018 CEST49789443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.398380995 CEST44349789104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.398432016 CEST49789443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.398442030 CEST44349789104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.398529053 CEST49789443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.398541927 CEST49789443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.398799896 CEST49804443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.398818016 CEST44349804104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.398931026 CEST49804443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.398964882 CEST49791443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.398993015 CEST44349791104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.399224043 CEST49792443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.399235010 CEST44349792104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.399404049 CEST49804443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.399418116 CEST44349804104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.400460958 CEST44349792104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.400460958 CEST44349791104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.400516987 CEST49792443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.400556087 CEST49791443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.400800943 CEST49792443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.400861979 CEST49792443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.400866985 CEST44349792104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.400916100 CEST49792443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.400916100 CEST49792443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.401151896 CEST49805443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.401177883 CEST44349805104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.401247025 CEST49805443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.401509047 CEST49791443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.401521921 CEST49791443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.401557922 CEST49791443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.401582956 CEST44349791104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.401632071 CEST49791443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.401653051 CEST44349793104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.401787043 CEST49806443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.401796103 CEST44349806104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.401866913 CEST49806443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.402013063 CEST49805443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.402025938 CEST44349805104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.402122021 CEST49793443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.402131081 CEST44349793104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.402235985 CEST49806443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.402249098 CEST44349806104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.403198957 CEST44349793104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.403259039 CEST49793443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.403552055 CEST49793443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.403563023 CEST49793443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.403592110 CEST49793443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.403647900 CEST44349793104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.403702974 CEST49793443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.403835058 CEST49807443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.403867006 CEST44349807104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.403970957 CEST49807443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.404185057 CEST49807443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.404195070 CEST44349807104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.404788971 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.404978037 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.404988050 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.406579971 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.406639099 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.407541037 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.407632113 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.407686949 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.407695055 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.409316063 CEST44349790104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.409512043 CEST49790443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.409534931 CEST44349790104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.412857056 CEST44349790104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.412924051 CEST49790443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.413335085 CEST49790443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.413353920 CEST49790443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.413383961 CEST49790443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.413410902 CEST44349790104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.413465023 CEST49790443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.413629055 CEST49808443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.413655043 CEST44349808104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.413712978 CEST49808443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.413897038 CEST49808443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.413909912 CEST44349808104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.432626009 CEST44349794104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.432881117 CEST49794443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.432914019 CEST44349794104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.434374094 CEST44349794104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.434447050 CEST49794443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.434842110 CEST49794443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.434855938 CEST49794443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.434901953 CEST49794443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.434936047 CEST44349794104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.434990883 CEST49794443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.435410023 CEST49809443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.435456038 CEST44349809104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.436969995 CEST49809443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.436969995 CEST49809443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.437005043 CEST44349809104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.459752083 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.468765974 CEST49810443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.468813896 CEST44349810104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.468885899 CEST49810443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.469414949 CEST49810443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.469425917 CEST44349810104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.495485067 CEST44349787172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.495543957 CEST49787443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.495552063 CEST44349787172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.495599031 CEST49787443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.495884895 CEST49787443192.168.2.8172.67.164.223
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.495903015 CEST44349787172.67.164.223192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531255007 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531327009 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531392097 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531416893 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531469107 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531512976 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531521082 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531536102 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531578064 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531586885 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531677008 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531718969 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531724930 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531735897 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531778097 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.531826973 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.537806034 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.537854910 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.537868977 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.566224098 CEST44349801104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.566497087 CEST49801443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.566515923 CEST44349801104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.567579985 CEST44349802104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.567584991 CEST44349800104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.567907095 CEST49802443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.567917109 CEST44349802104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.568016052 CEST49800443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.568026066 CEST44349801104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.568061113 CEST44349800104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.568075895 CEST49801443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.568990946 CEST49801443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.568995953 CEST44349802104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.569036007 CEST49801443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.569051981 CEST49802443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.569067001 CEST49801443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.569072008 CEST44349801104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.569101095 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.569120884 CEST49801443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.569494009 CEST44349803104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.569504023 CEST49811443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.569552898 CEST44349811104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.569570065 CEST44349800104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.569607019 CEST49811443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.569622040 CEST49800443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.569950104 CEST49802443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.569974899 CEST49802443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.570000887 CEST49802443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.570038080 CEST44349802104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.570080042 CEST49802443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.570282936 CEST49812443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.570313931 CEST44349812104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.570360899 CEST49812443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.570452929 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.570465088 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.570893049 CEST49803443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.570914030 CEST44349803104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.571448088 CEST49800443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.571449041 CEST49800443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.571449041 CEST49800443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.571508884 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.571548939 CEST44349800104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.571568966 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.571598053 CEST49800443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.571634054 CEST49813443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.571662903 CEST44349813104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.571713924 CEST49813443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.571868896 CEST44349803104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.571938038 CEST49803443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.571995020 CEST49811443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.572011948 CEST44349811104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.572112083 CEST49812443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.572124004 CEST44349812104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.572527885 CEST49813443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.572540998 CEST44349813104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.573049068 CEST49803443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.573049068 CEST49803443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.573087931 CEST49803443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.573168993 CEST44349803104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.573235035 CEST49803443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.573322058 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.573333025 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.573456049 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.573499918 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.573579073 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.573818922 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.573831081 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.573997974 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.574012041 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.585279942 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.591818094 CEST44349799104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.592173100 CEST49799443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.592190981 CEST44349799104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.593605042 CEST44349799104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.593682051 CEST49799443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.594108105 CEST49799443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.594108105 CEST49799443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.594108105 CEST49799443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.594198942 CEST44349799104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.594295025 CEST49799443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.594384909 CEST49815443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.594417095 CEST44349815104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.594474077 CEST49815443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.594703913 CEST49815443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.594715118 CEST44349815104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.612811089 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.613531113 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.613578081 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.613603115 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.613620043 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.613667011 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.626447916 CEST49795443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.626476049 CEST44349795104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.706954956 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.706991911 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.707043886 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.707179070 CEST44349798184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.707264900 CEST49798443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.707268000 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.707281113 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.708770990 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.709099054 CEST49798443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.709105968 CEST44349798184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.709347963 CEST44349798184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.840507984 CEST44349806104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.841859102 CEST49798443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.852978945 CEST44349805104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.873795033 CEST44349808104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.877538919 CEST44349804104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.881779909 CEST44349809104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.882373095 CEST44349807104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.896745920 CEST49806443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.896770000 CEST49805443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.911680937 CEST49798443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.913739920 CEST49806443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.913759947 CEST44349806104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.914710999 CEST49807443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.914722919 CEST49809443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.914727926 CEST44349807104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.914732933 CEST44349809104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.914743900 CEST49804443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.914752007 CEST44349804104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.914946079 CEST44349806104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.914956093 CEST49808443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.914958954 CEST44349806104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.914992094 CEST44349808104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.915020943 CEST49806443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.915132999 CEST49805443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.915148973 CEST44349805104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.915834904 CEST44349809104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.915910959 CEST44349807104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.915920973 CEST49809443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.915924072 CEST44349804104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.915970087 CEST49807443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.916022062 CEST49804443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.916455030 CEST44349805104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.916518927 CEST49805443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.916820049 CEST49806443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.916903019 CEST44349806104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.917228937 CEST49804443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.917300940 CEST44349804104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.918013096 CEST49807443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.918111086 CEST44349807104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.918698072 CEST44349808104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.918771982 CEST49808443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.918932915 CEST49809443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.919007063 CEST44349809104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.919357061 CEST49805443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.919450998 CEST44349805104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.921772003 CEST49808443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.921981096 CEST44349808104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.922384977 CEST49806443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.922405958 CEST44349806104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.922544956 CEST49804443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.922574997 CEST44349804104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.922719002 CEST49807443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.922727108 CEST44349807104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.922791004 CEST49805443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.922804117 CEST44349805104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.922884941 CEST49808443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.922908068 CEST44349808104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.922931910 CEST49809443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.922940969 CEST44349809104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.946060896 CEST44349810104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.946120977 CEST49810443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.946584940 CEST49810443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.946598053 CEST44349810104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.946778059 CEST49810443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.946784973 CEST44349810104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.946820021 CEST49810443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.946827888 CEST44349810104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.959408998 CEST44349798184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.972806931 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.972954035 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.973006964 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.973026991 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.973468065 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.973520041 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.973531961 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.973592043 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.973639965 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.973649025 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.980886936 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.980946064 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.980963945 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.981007099 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.981050014 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.981057882 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.993622065 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.993686914 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.993710041 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.019959927 CEST44349812104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.020102024 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.020219088 CEST49812443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.020239115 CEST44349812104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.022017956 CEST44349812104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.022075891 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.022078037 CEST49812443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.022089005 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.022733927 CEST49812443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.022806883 CEST44349812104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.023166895 CEST49812443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.023179054 CEST44349812104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.023561954 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.023619890 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.023962975 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.024045944 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.024075985 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.028218031 CEST44349806104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.028270006 CEST49806443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.028287888 CEST44349806104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.028301954 CEST44349806104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.028323889 CEST44349805104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.028352022 CEST49806443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.028384924 CEST49805443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.028753042 CEST44349809104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.028805971 CEST49809443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.030524969 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.030575991 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.030637026 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.030674934 CEST49821443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.030697107 CEST44349821157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.030749083 CEST49821443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.030811071 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.030826092 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.030878067 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.030957937 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.030975103 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.031018019 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.031151056 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.031162024 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.031213045 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.031277895 CEST44349813104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.031315088 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.031323910 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.031399965 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.031698942 CEST49821443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.031711102 CEST44349821157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.031769037 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.031800985 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.032037020 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.032047987 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.032078028 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.032093048 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.032156944 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.032167912 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.032300949 CEST49813443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.032308102 CEST44349813104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.032807112 CEST44349804104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.032845020 CEST44349804104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.032881021 CEST49804443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.032895088 CEST44349804104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.032913923 CEST44349804104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.032943964 CEST49804443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.033013105 CEST49804443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.033356905 CEST44349813104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.033426046 CEST49813443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.033782005 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.033792973 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.034739017 CEST49813443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.034813881 CEST44349813104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.035130978 CEST49813443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.035139084 CEST44349813104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.037375927 CEST44349811104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.037781954 CEST49811443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.037803888 CEST44349811104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.037995100 CEST44349807104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.038115978 CEST49807443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.038846016 CEST44349811104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.038901091 CEST49811443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.039294958 CEST49811443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.039361000 CEST44349811104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.040764093 CEST44349808104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.040827036 CEST49808443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.040844917 CEST44349808104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.040935993 CEST44349808104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.040981054 CEST49808443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.041687012 CEST49811443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.041696072 CEST44349811104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.041835070 CEST44349815104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.042013884 CEST49815443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.042046070 CEST44349815104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.043291092 CEST49805443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.043314934 CEST44349805104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.043481112 CEST44349815104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.043541908 CEST49815443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.043898106 CEST49826443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.043967962 CEST44349826104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.044039965 CEST49826443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.044176102 CEST49809443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.044186115 CEST44349809104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.044457912 CEST49827443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.044503927 CEST44349827104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.044557095 CEST49827443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.045087099 CEST49815443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.045166016 CEST44349815104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.045895100 CEST49806443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.045906067 CEST44349806104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.046181917 CEST49828443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.046201944 CEST44349828104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.046262980 CEST49828443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.046591997 CEST49804443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.046611071 CEST44349804104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.047223091 CEST49826443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.047261953 CEST44349826104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.047782898 CEST49827443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.047806025 CEST44349827104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.048604012 CEST49807443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.048631907 CEST44349807104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.049647093 CEST49828443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.049670935 CEST44349828104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.050247908 CEST49815443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.050257921 CEST44349815104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.050941944 CEST49808443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.050959110 CEST44349808104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.055602074 CEST49829443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.055635929 CEST44349829104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.055785894 CEST49829443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.056024075 CEST49829443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.056044102 CEST44349829104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.057161093 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.057207108 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.057210922 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.057225943 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.057264090 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.060122013 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.060180902 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.060195923 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.060203075 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.060250998 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.063148975 CEST44349810104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.063219070 CEST44349810104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.063245058 CEST49810443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.063256025 CEST49810443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.063868999 CEST49810443192.168.2.8104.193.111.117
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.063878059 CEST44349810104.193.111.117192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.066222906 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.066268921 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.066284895 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.066289902 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.066344023 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.067430973 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.072314024 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.072365999 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.072484016 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.077802896 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.077852011 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.077861071 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.077892065 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.077943087 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.077949047 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.078145027 CEST49830443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.078180075 CEST44349830104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.078243017 CEST49830443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.078749895 CEST49830443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.078768969 CEST44349830104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.082205057 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.082405090 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.082456112 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.082465887 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.082520962 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.084440947 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.084455013 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.084538937 CEST49813443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.085797071 CEST44349798184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.086224079 CEST44349798184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.086297989 CEST49798443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.086675882 CEST49798443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.086699009 CEST44349798184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.086710930 CEST49798443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.086718082 CEST44349798184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.086900949 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.086952925 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.086983919 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.087028980 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.091641903 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.091736078 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.091773987 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.091785908 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.091939926 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.096489906 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.096545935 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.096586943 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.096643925 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.101039886 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.101099968 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.128585100 CEST49812443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.128585100 CEST49815443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.128587008 CEST49811443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.143517971 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.143616915 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.143650055 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.143702030 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.143789053 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.143836021 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.143872023 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.143920898 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.146394014 CEST44349812104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.146440983 CEST44349812104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.146497965 CEST44349812104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.146523952 CEST49812443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.146562099 CEST49812443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.146861076 CEST49831443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.146898985 CEST44349831184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.146964073 CEST49831443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.147394896 CEST49831443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.147411108 CEST44349831184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.147617102 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.147672892 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.147703886 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.147753954 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.149729967 CEST49812443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.149746895 CEST44349812104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.150306940 CEST49832443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.150326014 CEST44349832104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.150393009 CEST49832443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.150839090 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.150919914 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.150933981 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.151020050 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.151108027 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.151194096 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.151230097 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.151241064 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.151257992 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.151278973 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.151336908 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.151338100 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.151356936 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.151408911 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.151417971 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.151424885 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.152757883 CEST49832443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.152775049 CEST44349832104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.152839899 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.154186010 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.154202938 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.155240059 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.155306101 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.155314922 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.155426025 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.155518055 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.155524969 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.155796051 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.155858994 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.157725096 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.157888889 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.158655882 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.158679962 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.159667015 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.159708023 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.160114050 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.160504103 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.160516024 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.161210060 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.161281109 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.161294937 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.161322117 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.161407948 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.162079096 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.162143946 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.162619114 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.162671089 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.162708044 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.162789106 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.162832975 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.162844896 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182634115 CEST44349813104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182667017 CEST44349813104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182684898 CEST44349813104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182698011 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182719946 CEST44349811104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182729006 CEST49813443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182748079 CEST44349813104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182754040 CEST44349811104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182760954 CEST44349813104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182775021 CEST44349811104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182779074 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182813883 CEST49811443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182815075 CEST49813443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182826042 CEST44349811104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182841063 CEST44349811104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.182883978 CEST49811443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.184007883 CEST49797443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.184024096 CEST44349797157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.189795017 CEST44349815104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.190257072 CEST44349815104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.190327883 CEST49815443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.190361977 CEST44349815104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.190576077 CEST49815443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.236772060 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.238226891 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.238239050 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.238776922 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.239305019 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.239414930 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.250180960 CEST49814443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.250207901 CEST44349814104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.250602007 CEST49835443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.250654936 CEST44349835104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.250739098 CEST49835443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.251353979 CEST49835443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.251367092 CEST44349835104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.260396957 CEST49815443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.260421038 CEST44349815104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.260807991 CEST49836443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.260832071 CEST44349836104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.260929108 CEST49836443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.261121035 CEST49811443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.261127949 CEST44349811104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.261390924 CEST49837443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.261440992 CEST44349837104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.261503935 CEST49837443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.261810064 CEST49813443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.261828899 CEST44349813104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.262094975 CEST49838443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.262105942 CEST44349838104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.262159109 CEST49838443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.262804985 CEST49836443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.262814999 CEST44349836104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.263282061 CEST49837443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.263300896 CEST44349837104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.264420986 CEST49838443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.264436007 CEST44349838104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.286803007 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.296649933 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.296686888 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.296714067 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.296741962 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.296761990 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.296767950 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.296787977 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.296809912 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.296827078 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.296840906 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.297657967 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.297683001 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.297708035 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.297728062 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.297739983 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.297764063 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.383548021 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.383644104 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.383665085 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.383733034 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.383872986 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.383879900 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.384007931 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.384063959 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.385803938 CEST49817443192.168.2.8104.16.79.73
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.385817051 CEST44349817104.16.79.73192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.491770983 CEST44349827104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.492258072 CEST49827443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.492274046 CEST44349827104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.492707968 CEST44349826104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.493278980 CEST44349827104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.493331909 CEST49826443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.493343115 CEST49827443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.493403912 CEST44349826104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.493915081 CEST49827443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.493976116 CEST44349827104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.494030952 CEST49827443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.494036913 CEST44349827104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.494153023 CEST49827443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.494168043 CEST49827443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.494450092 CEST44349826104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.494524002 CEST49826443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.494784117 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.494817972 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.494894981 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.495145082 CEST49826443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.495194912 CEST49826443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.495194912 CEST49826443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.495237112 CEST44349826104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.495408058 CEST44349826104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.495434999 CEST49826443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.495500088 CEST49842443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.495506048 CEST49826443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.495511055 CEST44349842104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.495618105 CEST49842443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.495804071 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.495816946 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.495984077 CEST49842443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.495994091 CEST44349842104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.554637909 CEST44349828104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.557540894 CEST44349830104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.564918995 CEST44349829104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.577218056 CEST49828443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.577244997 CEST44349828104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.577348948 CEST49830443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.577383041 CEST44349830104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.577498913 CEST49829443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.577507973 CEST44349829104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.578526020 CEST44349829104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.578600883 CEST49829443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.578932047 CEST44349830104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579005003 CEST49830443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579092979 CEST49829443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579158068 CEST49829443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579158068 CEST49829443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579164028 CEST44349829104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579334974 CEST44349829104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579360008 CEST49829443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579406023 CEST49829443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579580069 CEST49843443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579608917 CEST44349843104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579698086 CEST49843443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579864025 CEST49830443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579864979 CEST49830443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579927921 CEST49830443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.579948902 CEST44349830104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.580002069 CEST49830443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.580177069 CEST49844443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.580255985 CEST44349844104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.580401897 CEST49844443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.580615044 CEST49843443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.580634117 CEST44349843104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.580734968 CEST49844443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.580770969 CEST44349844104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.581404924 CEST44349828104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.581475019 CEST49828443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.582000971 CEST49828443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.582015991 CEST49828443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.582046986 CEST49828443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.582195044 CEST44349828104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.582248926 CEST49845443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.582269907 CEST49828443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.582278967 CEST44349845104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.582422018 CEST49845443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.582690001 CEST49845443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.582703114 CEST44349845104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.637156010 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.637914896 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.637938023 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.639240980 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.639324903 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.642890930 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.642966986 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.643157959 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.643167019 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.648762941 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.648969889 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.648987055 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.649997950 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.650067091 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.650415897 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.650479078 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.650621891 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.650628090 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.655245066 CEST44349821157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.655659914 CEST49821443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.655666113 CEST44349821157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.656719923 CEST44349821157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.656793118 CEST49821443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.657309055 CEST49821443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.657375097 CEST44349821157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.658464909 CEST49821443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.658478022 CEST44349821157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.664704084 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.664748907 CEST44349832104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.665724993 CEST49832443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.665735960 CEST44349832104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.665923119 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.665932894 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.666735888 CEST44349832104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.666798115 CEST49832443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.667236090 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.667300940 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.667855024 CEST49832443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.667921066 CEST44349832104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.668143034 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.668462992 CEST49832443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.668476105 CEST44349832104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.668525934 CEST49832443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.668574095 CEST49832443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.668870926 CEST49846443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.668910027 CEST44349846104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.668986082 CEST49846443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.669264078 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.669404984 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.669415951 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.669600010 CEST49846443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.669610023 CEST44349846104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.669632912 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.669722080 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.669730902 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.670471907 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.670557022 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.670816898 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.670883894 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.670933962 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.688711882 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.688949108 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.688966990 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.690036058 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.690097094 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.691164970 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.691230059 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.691306114 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.692800999 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.711400032 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.722163916 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.722420931 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.722441912 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.723367929 CEST44349835104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.723561049 CEST49835443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.723568916 CEST44349835104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.723607063 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.723671913 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.723965883 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.724033117 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.724101067 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.724107027 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.724613905 CEST44349835104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.724673033 CEST49835443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.728183031 CEST49835443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.728221893 CEST49835443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.728260040 CEST44349835104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.728331089 CEST49835443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.728343010 CEST44349835104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.728352070 CEST49835443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.728401899 CEST49835443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.728914022 CEST49847443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.728951931 CEST44349847104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.729198933 CEST49847443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.729418993 CEST49847443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.729434967 CEST44349847104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.731405973 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.736988068 CEST44349838104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.737397909 CEST49838443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.737413883 CEST44349838104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.739310980 CEST44349838104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.739372969 CEST49838443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.739739895 CEST49838443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.739762068 CEST49838443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.739804029 CEST49838443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.739809990 CEST44349838104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.740035057 CEST49848443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.740046024 CEST44349838104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.740065098 CEST44349848104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.740075111 CEST49838443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.740087986 CEST49838443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.740119934 CEST49848443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.740331888 CEST49848443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.740343094 CEST44349848104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.741702080 CEST44349837104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.742257118 CEST49837443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.742264986 CEST44349837104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.743309021 CEST44349837104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.743365049 CEST49837443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.743839979 CEST44349836104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.745258093 CEST49836443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.745270014 CEST44349836104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.745707989 CEST49837443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.745723963 CEST49837443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.745770931 CEST44349837104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.745771885 CEST49837443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.745839119 CEST49837443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.746093988 CEST49849443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.746124983 CEST44349849104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.746201038 CEST49849443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.746335030 CEST44349836104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.746402979 CEST49836443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.746427059 CEST49849443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.746438980 CEST44349849104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.746717930 CEST49836443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.746726990 CEST49836443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.746761084 CEST49836443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.746778011 CEST44349836104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.746891022 CEST49836443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.747023106 CEST49850443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.747030020 CEST44349850104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.747081041 CEST49850443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.747292042 CEST49850443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.747301102 CEST44349850104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.808326006 CEST44349831184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.808461905 CEST49831443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.810348034 CEST49831443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.810353041 CEST44349831184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.810672998 CEST44349831184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.812612057 CEST49831443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.851501942 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.851526022 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.851526022 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.851558924 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.851594925 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.851622105 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.859406948 CEST44349831184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.867409945 CEST44349821157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.868390083 CEST49821443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.879085064 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.879139900 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.879235983 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.879266024 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.880888939 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.880944967 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.880954027 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.881414890 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.882299900 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.883280039 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.883287907 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.883333921 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.884649038 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.884656906 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.884711981 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.886955976 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.887025118 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.887203932 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.892469883 CEST49833443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.892488956 CEST44349833157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.895853043 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.895915985 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.895935059 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.908971071 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.909133911 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.909159899 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.911736965 CEST49851443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.911773920 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.911832094 CEST49851443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.912026882 CEST49851443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.912039995 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.914769888 CEST44349821157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.914874077 CEST49821443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.914897919 CEST44349821157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.919703960 CEST44349821157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.919832945 CEST49821443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.919838905 CEST44349821157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.919884920 CEST49821443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.921391010 CEST49821443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.921531916 CEST44349821157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.921600103 CEST49821443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.921819925 CEST49852443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.921871901 CEST44349852157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.921942949 CEST49852443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.923854113 CEST49852443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.923891068 CEST44349852157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.929227114 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.929281950 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.929299116 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.940264940 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.940640926 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.940649033 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.941701889 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.941787958 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.942390919 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.942527056 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.942531109 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.942547083 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.949687004 CEST49854443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.949717999 CEST44349854157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.949810982 CEST49854443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.950108051 CEST49854443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.950119972 CEST44349854157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.951065063 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.951136112 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.951158047 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.952825069 CEST44349842104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.953412056 CEST49842443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.953425884 CEST44349842104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.954509020 CEST44349842104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.954581976 CEST49842443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.955028057 CEST49842443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.955100060 CEST44349842104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.955162048 CEST49842443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.958900928 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.958914042 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.980142117 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.980181932 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.980222940 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.980242968 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.980258942 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.980279922 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.980297089 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.980329990 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.980329990 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.980341911 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.980382919 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.981225967 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.981285095 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.981306076 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.990233898 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.990376949 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.990400076 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.990467072 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.992499113 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.992814064 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.992834091 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.992860079 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.992870092 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.992877007 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.992907047 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.992921114 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.992966890 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.992966890 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.995415926 CEST44349842104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.014202118 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.014259100 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.014271975 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.014293909 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.014302015 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.014324903 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.014365911 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.014368057 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.014379978 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.014420986 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.014425993 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.014439106 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.014472961 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.021249056 CEST44349843104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.022809029 CEST49843443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.022820950 CEST44349843104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.023436069 CEST44349845104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.023699999 CEST49845443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.023720026 CEST44349845104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.023930073 CEST44349843104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.023994923 CEST49843443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.024837971 CEST49843443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.024914980 CEST44349843104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025141001 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025152922 CEST44349845104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025156975 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025177002 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025187969 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025194883 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025202990 CEST49845443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025207996 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025226116 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025264025 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025270939 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025310040 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025546074 CEST49843443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025554895 CEST44349843104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.025990963 CEST49845443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.026068926 CEST44349845104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.026184082 CEST49845443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.026192904 CEST44349845104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.027266979 CEST49822443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.027286053 CEST44349822157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.037564993 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.037581921 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.037600994 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.037609100 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.037617922 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.037631035 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.037652969 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.037681103 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.037698030 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.043523073 CEST44349844104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.044063091 CEST49844443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.044080019 CEST44349844104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.045510054 CEST44349844104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.045630932 CEST49844443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046147108 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046159029 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046179056 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046195030 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046200991 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046211958 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046221018 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046236038 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046246052 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046260118 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046282053 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046350002 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046391010 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046597004 CEST49844443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046685934 CEST44349844104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.046757936 CEST49844443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.050695896 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.050765991 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.050785065 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.050829887 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.052768946 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.052779913 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.052812099 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.052819967 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.053018093 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.053018093 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.053031921 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.053205967 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.069935083 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.069947004 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.069962978 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.069968939 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.069988966 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.070003033 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.070012093 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.070065022 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.072940111 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.072948933 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.072984934 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.072990894 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.072995901 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073019028 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073044062 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073079109 CEST44349831184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073101044 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073111057 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073160887 CEST44349831184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073674917 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073734999 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073746920 CEST49831443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073769093 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073766947 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073791981 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073837996 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073846102 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073853016 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073882103 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073904991 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073940992 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.073949099 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.074220896 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.074263096 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.074266911 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.074276924 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.074315071 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.074321985 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.074337006 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.074373960 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.087400913 CEST44349844104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.092370987 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.092381954 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.092423916 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.092483044 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.092489004 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.092516899 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.092516899 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.092536926 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.092560053 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.095186949 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.095195055 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.095233917 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.095241070 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.095244884 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.095274925 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.095284939 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.095298052 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.095308065 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.095330000 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.096527100 CEST44349842104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.096586943 CEST49842443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.096601963 CEST44349842104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.096651077 CEST44349842104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.096689939 CEST49842443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.100702047 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.100712061 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.100730896 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.100734949 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.100738049 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.100763083 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.100770950 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.100800991 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.100833893 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.100833893 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.115472078 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.115499973 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.118009090 CEST44349846104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.118143082 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.118153095 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.118906021 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.124634027 CEST49820443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.124650955 CEST44349820157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.127788067 CEST49846443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.127804041 CEST44349846104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.128938913 CEST44349846104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.129031897 CEST49846443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.129359007 CEST49846443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.129432917 CEST44349846104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.129856110 CEST49846443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.129864931 CEST44349846104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.132462025 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.132474899 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.132503033 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.132514000 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.132522106 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.132538080 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.132569075 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.132572889 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.132601976 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.137067080 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.137092113 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.137300014 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.137314081 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.137419939 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.151545048 CEST49845443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.164195061 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.164208889 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.164228916 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.164236069 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.164313078 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.164340019 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.164360046 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.164374113 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.164377928 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.164402962 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.164467096 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.164467096 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.164484978 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.166134119 CEST44349843104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.166171074 CEST44349843104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.166203022 CEST44349843104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.166230917 CEST49843443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.166239977 CEST44349843104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.166239977 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.166249990 CEST44349843104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.166251898 CEST49843443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.166317940 CEST44349843104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.166372061 CEST49843443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.166372061 CEST49843443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.169074059 CEST44349845104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.169122934 CEST44349845104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.170190096 CEST49845443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.170216084 CEST44349845104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.170542955 CEST44349845104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.170588017 CEST49845443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.172454119 CEST44349847104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.174160957 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.174266100 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.174329042 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.174339056 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.174772978 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.179013968 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.179317951 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.179326057 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.180332899 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.180344105 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.180368900 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.180397987 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.180406094 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.180437088 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.180454969 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.186105967 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.186150074 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.186249018 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.186249018 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.186258078 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.186511993 CEST49844443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.186532974 CEST44349844104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.191468954 CEST44349848104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.193036079 CEST44349844104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.193391085 CEST44349850104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.193464994 CEST49844443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.197141886 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.197160959 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.198065042 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.198074102 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.207092047 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.207108021 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.207160950 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.207170010 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.212076902 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.212110043 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.212161064 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.212167978 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.212196112 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.212215900 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.212908983 CEST44349849104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.217412949 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.217431068 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.217462063 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.217498064 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.217513084 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.217556000 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.217556000 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.219201088 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.219233036 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.219268084 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.219273090 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.219309092 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.219376087 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.226805925 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.226852894 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.226907969 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.226907969 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.226921082 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.228583097 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.228611946 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.228648901 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.228652954 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.228682041 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.228714943 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.236107111 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.236144066 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.236212969 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.236212969 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.236644983 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.236695051 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.238195896 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.239686966 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.239708900 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.239803076 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.239803076 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.239814997 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.243103981 CEST44349846104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.246212959 CEST49846443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.247664928 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.247680902 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.247751951 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.247762918 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.247793913 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.262890100 CEST49848443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.278806925 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.278825998 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.278981924 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.279027939 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.279829025 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.279923916 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.279932022 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.281451941 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.281507015 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.281539917 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.281563997 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.281582117 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.284843922 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.284867048 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.284975052 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.284975052 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.284985065 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.290906906 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.290924072 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.291003942 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.291003942 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.291016102 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.294090033 CEST49850443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.294090033 CEST49849443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.294092894 CEST49847443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.300925016 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.300957918 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.301004887 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.301008940 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.301035881 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.301045895 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.301095009 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.309669018 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.309793949 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.309849977 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.309849977 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.309861898 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.314047098 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.314105988 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.314110994 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.314127922 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.314150095 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.314204931 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.314204931 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.323524952 CEST49849443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.323534012 CEST44349849104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.324558020 CEST49850443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.324564934 CEST44349850104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.324770927 CEST44349849104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.324795008 CEST44349849104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.324851036 CEST49849443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.324999094 CEST49848443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.325007915 CEST44349848104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.325267076 CEST49847443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.325299978 CEST44349847104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.325738907 CEST44349850104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.325757027 CEST44349850104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.325797081 CEST49850443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.326260090 CEST44349848104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.326276064 CEST44349848104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.326323032 CEST49848443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.326456070 CEST44349847104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.326487064 CEST44349847104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.326534986 CEST49847443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.330115080 CEST49847443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.330203056 CEST44349847104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.333652020 CEST49848443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.333787918 CEST44349848104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.355261087 CEST49850443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.355493069 CEST44349850104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.362593889 CEST49849443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.362749100 CEST44349849104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.375313997 CEST49847443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.375359058 CEST44349847104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.375411987 CEST49848443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.375421047 CEST44349848104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.375438929 CEST49850443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.375448942 CEST44349850104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.375495911 CEST49849443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.375507116 CEST44349849104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.377851009 CEST49824443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.377861977 CEST44349824157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.378504992 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.378725052 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.378763914 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.392553091 CEST49842443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.392575979 CEST44349842104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.393130064 CEST49823443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.393148899 CEST44349823157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.393707037 CEST49846443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.393727064 CEST44349846104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.395711899 CEST49844443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.395760059 CEST44349844104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.396915913 CEST49845443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.396931887 CEST44349845104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.407001972 CEST49841443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.407032013 CEST44349841104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.417308092 CEST49843443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.417335033 CEST44349843104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.421087980 CEST49825443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.421099901 CEST44349825157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.432579994 CEST49856443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.432619095 CEST44349856157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.432792902 CEST49856443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.433176994 CEST49856443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.433191061 CEST44349856157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.440033913 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.440284967 CEST49851443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.440294027 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.441344976 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.441395044 CEST49851443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.441673040 CEST49851443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.441734076 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.441797972 CEST49851443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.448746920 CEST49831443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.448764086 CEST44349831184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.448779106 CEST49831443192.168.2.8184.28.90.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.448786974 CEST44349831184.28.90.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.461652994 CEST49848443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.474178076 CEST44349847104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.474236965 CEST49847443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.474248886 CEST44349847104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.474291086 CEST49847443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.475754976 CEST44349850104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.475827932 CEST49850443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.477706909 CEST49847443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.477722883 CEST44349847104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.478333950 CEST49850443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.478346109 CEST44349850104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.478626013 CEST44349848104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.478667021 CEST44349848104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.478701115 CEST44349848104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.478813887 CEST44349848104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.478854895 CEST49848443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.478854895 CEST49848443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.482445955 CEST49848443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.482470036 CEST44349848104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.483397007 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.485622883 CEST44349849104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.485676050 CEST44349849104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.485686064 CEST49849443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.485712051 CEST49849443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.486351013 CEST49849443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.486357927 CEST44349849104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.540621042 CEST44349852157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.540958881 CEST49852443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.540997982 CEST44349852157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.541351080 CEST44349852157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.541795969 CEST49852443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.541866064 CEST44349852157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.542263985 CEST49852443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.556783915 CEST44349854157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.558037043 CEST49854443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.558053017 CEST44349854157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.559104919 CEST44349854157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.559159040 CEST49854443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.559645891 CEST49854443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.559699059 CEST44349854157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.559859991 CEST49854443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.559866905 CEST44349854157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.560559034 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.560590982 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.560656071 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.561001062 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.561012983 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.562680006 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.562688112 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.562814951 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.563050032 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.563057899 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.565702915 CEST49859443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.565723896 CEST44349859104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.566144943 CEST49859443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.567131042 CEST49859443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.567140102 CEST44349859104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.567433119 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.567455053 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.567811012 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.569188118 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.569199085 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.575376987 CEST49861443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.575411081 CEST44349861104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.575479984 CEST49861443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.575834990 CEST49861443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.575850010 CEST44349861104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.577166080 CEST49862443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.577176094 CEST44349862104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.577231884 CEST49862443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.577824116 CEST49862443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.577832937 CEST44349862104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.578351974 CEST49863443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.578376055 CEST44349863104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.578435898 CEST49863443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.579073906 CEST49863443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.579085112 CEST44349863104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.579422951 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.579436064 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.579898119 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.579898119 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.579916954 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.583394051 CEST44349852157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.605025053 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.605041027 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.605096102 CEST49851443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.605108976 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.605118036 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.605137110 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.605149984 CEST49851443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.605174065 CEST49851443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.605854034 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.605914116 CEST49851443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.605930090 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.605971098 CEST49851443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.634008884 CEST49851443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.634033918 CEST44349851157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.662384033 CEST49854443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.802341938 CEST44349852157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.802423954 CEST49852443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.802448034 CEST44349852157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.802525997 CEST44349852157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.802584887 CEST49852443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.805515051 CEST49852443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.805535078 CEST44349852157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.811716080 CEST49869443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.811762094 CEST44349869157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.811836958 CEST49869443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.813484907 CEST49869443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.813500881 CEST44349869157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.819498062 CEST44349854157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.819585085 CEST49854443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.819598913 CEST44349854157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.825560093 CEST44349854157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.825572014 CEST44349854157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.825630903 CEST49854443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.825644016 CEST44349854157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.825687885 CEST49854443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.826797962 CEST49854443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.826858044 CEST44349854157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.826915979 CEST49854443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.848301888 CEST49870443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.848340034 CEST44349870157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.848398924 CEST49870443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.848973036 CEST49870443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.848988056 CEST44349870157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.872689009 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.872730970 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.872801065 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.873053074 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.873070002 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.933557987 CEST44349856157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.956362963 CEST49856443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.956378937 CEST44349856157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.956917048 CEST44349856157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.957715988 CEST49856443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.957874060 CEST44349856157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.957899094 CEST49856443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:20.999403954 CEST44349856157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.005543947 CEST44349859104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.006426096 CEST49859443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.006441116 CEST44349859104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.007498980 CEST44349859104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.008021116 CEST49859443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.008121014 CEST49859443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.008183956 CEST44349859104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.008306026 CEST49859443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.008306980 CEST49859443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.008317947 CEST44349859104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.008411884 CEST49859443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.008411884 CEST49859443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.008805990 CEST49872443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.008850098 CEST44349872104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.008939981 CEST49872443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.010138988 CEST49872443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.010154009 CEST44349872104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.015337944 CEST44349862104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.015671968 CEST49862443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.015680075 CEST44349862104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.016761065 CEST44349862104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.016836882 CEST49862443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.017283916 CEST49862443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.017298937 CEST49862443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.017350912 CEST49862443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.017354965 CEST44349862104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.017412901 CEST49862443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.017596960 CEST44349861104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.017785072 CEST49873443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.017815113 CEST44349873104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.017877102 CEST49873443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.018100023 CEST49861443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.018106937 CEST44349861104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.018711090 CEST49873443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.018721104 CEST44349873104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.020495892 CEST44349861104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.020597935 CEST49861443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.020953894 CEST49861443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.020966053 CEST49861443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.021014929 CEST44349861104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.021059990 CEST49861443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.021068096 CEST44349861104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.021080017 CEST49861443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.021117926 CEST49861443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.021225929 CEST44349863104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.021414042 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.021445990 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.021559954 CEST49863443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.021569014 CEST44349863104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.021964073 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.023087978 CEST44349863104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.023293018 CEST49863443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.023406982 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.023420095 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.025573015 CEST49863443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.025636911 CEST49863443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.025636911 CEST49863443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.025700092 CEST44349863104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.025835037 CEST49863443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.025895119 CEST49875443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.025911093 CEST44349875104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.026043892 CEST49875443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.026268959 CEST49875443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.026283026 CEST44349875104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.089401960 CEST44349856157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.089495897 CEST44349856157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.089524984 CEST49856443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.089575052 CEST49856443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.092833042 CEST49856443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.092854023 CEST44349856157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.097712994 CEST49876443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.097778082 CEST44349876157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.097903967 CEST49876443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.098193884 CEST49876443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.098212004 CEST44349876157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.160166979 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.160510063 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.160537958 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.160887003 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.161329031 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.161401987 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.161506891 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.184245110 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.184571028 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.184597969 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.185379982 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.185610056 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.185626030 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.185992002 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.186053038 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.186428070 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.186503887 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.186602116 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.186666965 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.186755896 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.187069893 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.187143087 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.187208891 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.207412958 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.227408886 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.231394053 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.273566008 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.287767887 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.288943052 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.288955927 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.288974047 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.288986921 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.295835972 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.295857906 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.297347069 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.297409058 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.297883034 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.297988892 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.298152924 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.298161983 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.442322016 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.455745935 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.455841064 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.456317902 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.462552071 CEST44349869157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.462812901 CEST49869443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.462831974 CEST44349869157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.463893890 CEST44349869157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.463962078 CEST49869443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.464319944 CEST49869443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.464389086 CEST44349869157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.464456081 CEST49869443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.475891113 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.476089001 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.476100922 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.476474047 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.477540970 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.477556944 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.478744984 CEST44349870157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.479070902 CEST49870443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.479085922 CEST44349870157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.480144978 CEST44349870157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.480212927 CEST49870443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.480761051 CEST49870443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.480828047 CEST44349870157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.480990887 CEST49870443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.480998039 CEST44349870157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.481523991 CEST44349872104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.482498884 CEST49872443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.482510090 CEST44349872104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.483720064 CEST44349872104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.483789921 CEST49872443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.484299898 CEST49872443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.484371901 CEST44349872104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.484532118 CEST49872443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.484539986 CEST44349872104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.487037897 CEST44349875104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.487317085 CEST49875443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.487325907 CEST44349875104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.488795996 CEST44349875104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.488857985 CEST49875443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.489427090 CEST49875443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.489511013 CEST44349875104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.489579916 CEST49875443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.489586115 CEST44349875104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.491159916 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.493418932 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.493428946 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.494657993 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.495001078 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.495335102 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.495423079 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.495613098 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.495625019 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.496907949 CEST44349873104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.497143984 CEST49873443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.497150898 CEST44349873104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.498462915 CEST44349873104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.498539925 CEST49873443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.499042988 CEST49873443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.499180079 CEST44349873104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.499193907 CEST49873443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.504208088 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.504416943 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.504424095 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.504745960 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.506587982 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.506644964 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.506762028 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.507395983 CEST44349869157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.539410114 CEST44349873104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.540510893 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.540529966 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.540561914 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.540574074 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.540586948 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.540595055 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.540606976 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.540633917 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.540657997 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.551409960 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558126926 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558145046 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558166981 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558172941 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558177948 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558216095 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558226109 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558248043 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558273077 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558351040 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558365107 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558397055 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558413029 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558423996 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558427095 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558455944 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558476925 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558476925 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.558568954 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.560791016 CEST49869443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.560791016 CEST49870443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.560816050 CEST44349869157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.560831070 CEST49872443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.560831070 CEST49875443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.572808981 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.572828054 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.572849035 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.572859049 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.572882891 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.572896004 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.572901011 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.572915077 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.572927952 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.572969913 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.572973967 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.573029041 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.574153900 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.574208975 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.574417114 CEST44349857157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.574476957 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.574506998 CEST49857443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.591774940 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.591824055 CEST49873443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.591824055 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.591831923 CEST44349873104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.627624035 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.627738953 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.630300045 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.642784119 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.642801046 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.642833948 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.642844915 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.642858028 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.642874002 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.642883062 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.642936945 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.643337965 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.643377066 CEST44349858157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.643481016 CEST49858443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.654369116 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.654392958 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.654423952 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.654438972 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.654453993 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.654464960 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.654565096 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.654565096 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.659354925 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.659367085 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.659400940 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.659416914 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.659429073 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.659446955 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.659456968 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.659610987 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.659622908 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.659780979 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.666009903 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.666019917 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.666048050 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.666059971 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.666085005 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.666089058 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.666119099 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.666146994 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.666146994 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.675328970 CEST44349872104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.675463915 CEST44349872104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.675561905 CEST49872443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.677534103 CEST49872443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.677556038 CEST44349872104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.678406000 CEST44349875104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.678536892 CEST44349875104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.678611994 CEST49875443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.678618908 CEST44349875104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.678734064 CEST44349875104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.678788900 CEST49875443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.682924986 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.683026075 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.683060884 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.683099985 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.683120012 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.683126926 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.683140993 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.683177948 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.683177948 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.683775902 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.683927059 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.683988094 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.683995962 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.684619904 CEST49875443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.684628963 CEST44349875104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.686002970 CEST44349876157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.687488079 CEST49876443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.687500000 CEST44349876157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.687875032 CEST44349876157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.688652039 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.688803911 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.688824892 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.689220905 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.689277887 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.689457893 CEST49876443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.689526081 CEST44349876157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.690135002 CEST49874443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.690145016 CEST44349874104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.690754890 CEST49876443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.716649055 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.716666937 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.716767073 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.716792107 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.716804981 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.716811895 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.716839075 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.716856956 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.716902018 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.717173100 CEST44349873104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.717215061 CEST44349873104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.717221975 CEST49873443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.717233896 CEST44349873104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.717277050 CEST49873443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.717348099 CEST44349873104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.717436075 CEST44349873104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.717721939 CEST49873443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.718379021 CEST49873443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.718389034 CEST44349873104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.731403112 CEST44349876157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.734739065 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.734770060 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.734865904 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.734888077 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.734937906 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.734952927 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.750648022 CEST44349870157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.750773907 CEST49870443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.750792027 CEST44349870157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.750835896 CEST49870443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.751770020 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.751791954 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.751827002 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.751838923 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.751863956 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.751863956 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.751873016 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.751926899 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.752353907 CEST49870443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.752374887 CEST44349870157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.754573107 CEST44349869157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.754631042 CEST49869443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.754645109 CEST44349869157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.754683971 CEST44349869157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.754921913 CEST49869443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.758770943 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.758786917 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.758805990 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.758816004 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.758884907 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.758884907 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.758932114 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.758990049 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.758990049 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.763396978 CEST49869443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.763418913 CEST44349869157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.766835928 CEST49877443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.766877890 CEST44349877157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.767219067 CEST49877443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.767456055 CEST49877443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.767472029 CEST44349877157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.771136999 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.771162987 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.771272898 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.771272898 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.771284103 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.771532059 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.780900002 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.780942917 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.780997992 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.780997992 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.781006098 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.782843113 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.783423901 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.783432961 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.793065071 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.793082952 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.793114901 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.793124914 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.793128014 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.793180943 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.793191910 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.793200016 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.793235064 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.793261051 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.793262959 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.793271065 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.794256926 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.800776958 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.800817966 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.800919056 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.800983906 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.800985098 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.802360058 CEST49864443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.802369118 CEST44349864157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.831211090 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.831253052 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.831304073 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.831316948 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.831419945 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.831419945 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.831454039 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.831492901 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.831520081 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.831537962 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.831653118 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.834230900 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.834330082 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.834341049 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.838618040 CEST44349876157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.838781118 CEST44349876157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.839154959 CEST49876443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.839627028 CEST49876443192.168.2.8157.240.26.27
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.839643002 CEST44349876157.240.26.27192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.867232084 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.867312908 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.867324114 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.867403984 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.899919033 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.899960995 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.900002003 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.900012970 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.900054932 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.920095921 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.920125008 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.920181036 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.920193911 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.920217037 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.924029112 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.924072027 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.924093008 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.924134970 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.924139023 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.924161911 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.924185038 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.924192905 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.924215078 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.924284935 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.930856943 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.930876017 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.930936098 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.930965900 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.930998087 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.931016922 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.933224916 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.933295012 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.946698904 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.946803093 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.946801901 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.946835041 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.946871042 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.951510906 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.951523066 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.951540947 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.951549053 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.951666117 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.951683998 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.951771021 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.951836109 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.958224058 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.958245039 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.958295107 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.958309889 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.958395958 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.972326040 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.972343922 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.972429037 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.972448111 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.978573084 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.978584051 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.978621960 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.978708982 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.978708982 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.978717089 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.978722095 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.978923082 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.985868931 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.985888004 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.985989094 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.986036062 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.986083984 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.986149073 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.997257948 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.997298002 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.997339964 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.997354031 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:21.997385979 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.013861895 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.013881922 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.013958931 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.013981104 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.018420935 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.018445969 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.018482924 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.018507004 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.018526077 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.018637896 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.019948006 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.019970894 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.020046949 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.020059109 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.028669119 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.028683901 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.028739929 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.028752089 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.030273914 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.030363083 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.030370951 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.037076950 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.037118912 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.037257910 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.037257910 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.037293911 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.038619995 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.038642883 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.038707018 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.038722038 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.038769960 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.038844109 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.044337988 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.044356108 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.044433117 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.044447899 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.052519083 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.052534103 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.052596092 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.052617073 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.061214924 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.061239004 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.061414003 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.061427116 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.061512947 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.064330101 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.064344883 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.064409971 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.064426899 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.064667940 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.064712048 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.064728022 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.077980042 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.078023911 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.078085899 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.078114033 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.078141928 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.091525078 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.091561079 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.091639996 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.091660023 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.091712952 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.092515945 CEST49860443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.092550993 CEST44349860157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.102550030 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.102567911 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.102657080 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.102670908 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.102729082 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.107583046 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.107655048 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.107666016 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.107683897 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.107729912 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.107959032 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.108031034 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.112056971 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.112101078 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.112155914 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.112165928 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.112171888 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.112304926 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.122769117 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.122796059 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.122895002 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.122909069 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.123075008 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.134115934 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.134145975 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.134253025 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.134253025 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.134263992 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.134391069 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.146028042 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.146054029 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.146085024 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.146179914 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.146179914 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.146193981 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.146351099 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.157160997 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.157222033 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.157315016 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.157315016 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.157329082 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.164587021 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.164638996 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.164660931 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.164671898 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.164681911 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.164771080 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.164771080 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.165060043 CEST49871443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.165072918 CEST44349871157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.185848951 CEST49878443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.185878038 CEST44349878104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.185933113 CEST49878443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.186444044 CEST49878443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.186456919 CEST44349878104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.187994957 CEST49879443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.188045025 CEST44349879104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.188163042 CEST49879443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.188493013 CEST49879443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.188515902 CEST44349879104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.191850901 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.191890955 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.192094088 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.192446947 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.192460060 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.376004934 CEST44349877157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.376403093 CEST49877443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.376413107 CEST44349877157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.376912117 CEST44349877157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.377552032 CEST49877443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.377602100 CEST49877443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.377639055 CEST44349877157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.459570885 CEST49877443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.625910044 CEST44349879104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.626143932 CEST44349878104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.626693964 CEST49879443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.626720905 CEST44349879104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.626995087 CEST49878443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.627022982 CEST44349878104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.627911091 CEST44349879104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.627976894 CEST49879443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.628114939 CEST44349878104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.628170967 CEST49878443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.628494024 CEST49879443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.628602028 CEST44349879104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.628628969 CEST49879443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.628787041 CEST49879443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.628787041 CEST49879443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.628797054 CEST44349879104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.628808022 CEST44349879104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.628850937 CEST49879443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.629055977 CEST49879443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.629338980 CEST49881443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.629420996 CEST44349881104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.629489899 CEST49881443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.629801035 CEST49878443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.629816055 CEST49878443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.629868031 CEST49878443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.629885912 CEST44349878104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.630049944 CEST49878443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.630139112 CEST49882443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.630150080 CEST44349882104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.630208015 CEST49882443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.630394936 CEST49881443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.630407095 CEST44349881104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.631077051 CEST49882443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.631092072 CEST44349882104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.633132935 CEST44349877157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.633218050 CEST49877443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.633228064 CEST44349877157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.633306980 CEST44349877157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.633620024 CEST49877443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.700802088 CEST49877443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.700833082 CEST44349877157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.909753084 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:22.960666895 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.019140959 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.019154072 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.019709110 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.023785114 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.023868084 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.024113894 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.071408033 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.183638096 CEST44349881104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.184046030 CEST49881443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.184076071 CEST44349881104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.185162067 CEST44349881104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.185214043 CEST49881443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.185655117 CEST49881443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.185717106 CEST44349881104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.186117887 CEST49881443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.186130047 CEST44349881104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.186148882 CEST49881443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.186156988 CEST44349881104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.201817036 CEST44349882104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.202326059 CEST49882443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.202354908 CEST44349882104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.203644991 CEST44349882104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.203723907 CEST49882443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.204181910 CEST49882443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.204302073 CEST44349882104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.204360962 CEST49882443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.206033945 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.206115007 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.206135035 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.251403093 CEST44349882104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.281979084 CEST44349881104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.282114029 CEST49881443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.283449888 CEST49881443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.283474922 CEST44349881104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.290225983 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.290266037 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.290275097 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.290324926 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.290332079 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.290401936 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.322510958 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.322529078 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.322565079 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.322577000 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.322580099 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.322643042 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.322649956 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.322685957 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.325352907 CEST44349882104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.325416088 CEST49882443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.325438976 CEST44349882104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.325517893 CEST44349882104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.325579882 CEST49882443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.327131987 CEST49882443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.327156067 CEST44349882104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.334287882 CEST49883443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.334323883 CEST44349883104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.334430933 CEST49883443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.335066080 CEST49883443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.335084915 CEST44349883104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.371138096 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.371150017 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.371171951 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.371181965 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.371220112 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.371227980 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.371275902 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.386440992 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.386456966 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.386543036 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.386553049 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.386624098 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.386914015 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.386972904 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.409281969 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.409312963 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.409378052 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.409382105 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.409430027 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.432101011 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.432120085 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.432209015 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.432216883 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.456110954 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.456135988 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.456187963 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.456202030 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.456240892 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.468322992 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.468348980 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.468430042 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.468453884 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.468666077 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.470037937 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.470107079 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.483288050 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.483333111 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.483369112 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.483378887 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.483448982 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.491648912 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.491676092 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.491712093 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.491724968 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.491760015 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.502177000 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.502201080 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.502247095 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.502266884 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.502286911 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.512391090 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.512424946 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.512473106 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.512480021 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.512533903 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.512552023 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.512600899 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.522182941 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.522229910 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.522259951 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.522273064 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.522294044 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.522324085 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.529906988 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.529947042 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.529982090 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.529992104 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.530002117 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.530028105 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.530061007 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.530309916 CEST49880443192.168.2.8157.240.251.9
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.530328035 CEST44349880157.240.251.9192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.772689104 CEST44349883104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.773068905 CEST49883443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.773082018 CEST44349883104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.774115086 CEST44349883104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.774179935 CEST49883443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.774514914 CEST49883443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.774528027 CEST49883443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.774584055 CEST44349883104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.774729967 CEST44349883104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.774743080 CEST49883443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.774743080 CEST49883443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.774756908 CEST44349883104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.774806976 CEST49883443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.774844885 CEST49883443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.775413036 CEST49884443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.775445938 CEST44349884104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.775510073 CEST49884443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.775789022 CEST49884443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:23.775803089 CEST44349884104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:24.217776060 CEST44349884104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:24.218142986 CEST49884443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:24.218167067 CEST44349884104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:24.218497992 CEST44349884104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:24.218899012 CEST49884443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:24.218962908 CEST44349884104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:24.219189882 CEST49884443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:24.259430885 CEST44349884104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:24.351233006 CEST44349884104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:24.351352930 CEST44349884104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:24.351541042 CEST49884443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:24.353915930 CEST49884443192.168.2.8104.21.11.4
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:24.353933096 CEST44349884104.21.11.4192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:25.394217968 CEST44349749142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:25.394289970 CEST44349749142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:25.394431114 CEST49749443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:25.446014881 CEST49749443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:25.446054935 CEST44349749142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:32.677654028 CEST4970580192.168.2.8152.199.19.74
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:32.677748919 CEST4970380192.168.2.8104.18.21.226
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:32.677788973 CEST4970480192.168.2.8152.199.19.74
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:32.683512926 CEST8049705152.199.19.74192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:32.683617115 CEST4970580192.168.2.8152.199.19.74
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:32.683657885 CEST8049703104.18.21.226192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:32.683721066 CEST4970380192.168.2.8104.18.21.226
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:32.684526920 CEST8049704152.199.19.74192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:32.684580088 CEST4970480192.168.2.8152.199.19.74
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:49.871068001 CEST49885443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:49.871131897 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:49.871202946 CEST49885443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:49.871619940 CEST49885443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:49.871635914 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.574673891 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.574759960 CEST49885443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.578732014 CEST49885443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.578747034 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.579066992 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.587043047 CEST49885443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.631398916 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.837837934 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.837860107 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.837879896 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.837990046 CEST49885443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.838023901 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.838098049 CEST49885443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.839021921 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.839061022 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.839088917 CEST49885443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.839093924 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.839118004 CEST49885443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.839535952 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.839598894 CEST49885443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.841521025 CEST49885443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.841537952 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.841555119 CEST49885443192.168.2.8172.202.163.200
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:50.841559887 CEST44349885172.202.163.200192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:11.600275993 CEST4434970613.107.246.45192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:11.601627111 CEST4434970613.107.246.45192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:11.601761103 CEST49706443192.168.2.813.107.246.45
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:11.601761103 CEST49706443192.168.2.813.107.246.45
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:11.607983112 CEST4434970613.107.246.45192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:14.930634022 CEST49890443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:14.930705070 CEST44349890142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:14.930836916 CEST49890443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:14.931181908 CEST49890443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:14.931202888 CEST44349890142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:15.539190054 CEST44349890142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:15.546585083 CEST49890443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:15.546622038 CEST44349890142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:15.547198057 CEST44349890142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:15.557653904 CEST49890443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:15.557802916 CEST44349890142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:15.598251104 CEST49890443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:25.467381954 CEST44349890142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:25.467473984 CEST44349890142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:25.467772961 CEST49890443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:27.423995018 CEST49890443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:27.424074888 CEST44349890142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:14.992352009 CEST49892443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:14.992420912 CEST44349892142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:14.992485046 CEST49892443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:14.992783070 CEST49892443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:14.992806911 CEST44349892142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:15.609162092 CEST44349892142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:15.609601021 CEST49892443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:15.609637976 CEST44349892142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:15.610133886 CEST44349892142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:15.610848904 CEST49892443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:15.610953093 CEST44349892142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:15.651818991 CEST49892443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:25.605824947 CEST44349892142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:25.605906963 CEST44349892142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:25.608351946 CEST49892443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:27.415481091 CEST49892443192.168.2.8142.250.186.68
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:27.415517092 CEST44349892142.250.186.68192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:50.890947104 CEST49893443192.168.2.8157.240.253.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:50.890994072 CEST44349893157.240.253.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:50.891056061 CEST49893443192.168.2.8157.240.253.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:50.891407013 CEST49893443192.168.2.8157.240.253.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:50.891419888 CEST44349893157.240.253.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.530559063 CEST44349893157.240.253.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.533860922 CEST49893443192.168.2.8157.240.253.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.533869982 CEST44349893157.240.253.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.534190893 CEST44349893157.240.253.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.534800053 CEST49893443192.168.2.8157.240.253.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.534848928 CEST44349893157.240.253.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.534863949 CEST49893443192.168.2.8157.240.253.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.534863949 CEST49893443192.168.2.8157.240.253.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.534879923 CEST44349893157.240.253.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.647027016 CEST49893443192.168.2.8157.240.253.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.912503004 CEST44349893157.240.253.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.912564039 CEST44349893157.240.253.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.912684917 CEST44349893157.240.253.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.912765980 CEST44349893157.240.253.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.912904978 CEST49893443192.168.2.8157.240.253.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.922163010 CEST49893443192.168.2.8157.240.253.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:51.922183990 CEST44349893157.240.253.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.240978956 CEST49894443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.241050005 CEST44349894157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.241358995 CEST49894443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.241636038 CEST49894443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.241658926 CEST44349894157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.839138031 CEST44349894157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.839473963 CEST49894443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.839495897 CEST44349894157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.840526104 CEST44349894157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.840621948 CEST49894443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.841489077 CEST49894443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.841552019 CEST44349894157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.842129946 CEST49894443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.842139006 CEST44349894157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.946017981 CEST49894443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:53.207231045 CEST44349894157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:53.207420111 CEST44349894157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:53.207490921 CEST44349894157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:53.207494974 CEST49894443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:53.207506895 CEST44349894157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:53.207550049 CEST49894443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:53.207655907 CEST44349894157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:53.207719088 CEST44349894157.240.251.35192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:53.207767010 CEST49894443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:53.239979029 CEST49894443192.168.2.8157.240.251.35
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:53.240004063 CEST44349894157.240.251.35192.168.2.8

                                                                                                                                                                                                                                                                                      UDP Packets

                                                                                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:10.953844070 CEST5205853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:10.954262972 CEST5800953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:10.966120958 CEST53520581.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:10.966965914 CEST53580091.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.142505884 CEST53494451.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:11.195714951 CEST53588981.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:12.888753891 CEST53527451.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.067111015 CEST6241953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.079035997 CEST53624191.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.084722996 CEST5209653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.085192919 CEST6450453192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST53645041.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.100949049 CEST6079353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.108673096 CEST53520961.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.117849112 CEST53607931.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.866153002 CEST5408053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.866368055 CEST5388453192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.873222113 CEST53540801.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.873241901 CEST53538841.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.579359055 CEST6347253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.579552889 CEST5716853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST53634721.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.589251995 CEST53571681.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.421117067 CEST5032853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.421179056 CEST5297553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.430706024 CEST53503281.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.431179047 CEST53529751.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.898606062 CEST5267853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.911875010 CEST53526781.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.336303949 CEST6270253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.643604994 CEST53627021.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.779509068 CEST53631771.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.920993090 CEST6230053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.921274900 CEST6365253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.927941084 CEST53623001.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.928528070 CEST53636521.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.929415941 CEST53611151.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.948410988 CEST6474653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.948945045 CEST5670753192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.956574917 CEST53567071.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.956592083 CEST53647461.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.692290068 CEST53493211.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.697362900 CEST5652053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.697561026 CEST6250053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.706377983 CEST53565201.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.706393003 CEST53625001.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.977633953 CEST53619821.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.019005060 CEST6145053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.019253016 CEST5823353192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.029798031 CEST53582331.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.030153036 CEST53614501.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.146502018 CEST5997553192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.147135019 CEST5327653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.153990030 CEST53599751.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.158134937 CEST53532761.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.174631119 CEST53608611.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.291920900 CEST53613571.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.901382923 CEST4937453192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.901685953 CEST5988953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.909853935 CEST53493741.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.911081076 CEST53598891.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.937922001 CEST5815053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.937968969 CEST5141953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.944793940 CEST53514191.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.945458889 CEST53581501.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:30.420433998 CEST53544701.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:32.372236967 CEST138138192.168.2.8192.168.2.255
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:49.156794071 CEST53588291.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:10.596004963 CEST53525101.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:11.969522953 CEST53625281.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:42:39.433327913 CEST53553231.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:25.241734028 CEST53582921.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:50.883018017 CEST5983853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:50.883248091 CEST5874053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:50.889972925 CEST53587401.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:50.890192032 CEST53598381.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.232105970 CEST6214853192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.232223988 CEST6212053192.168.2.81.1.1.1
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.238888979 CEST53621481.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.240304947 CEST53621201.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:44:39.812529087 CEST53581081.1.1.1192.168.2.8

                                                                                                                                                                                                                                                                                      ICMP Packets

                                                                                                                                                                                                                                                                                      TimestampSource IPDest IPChecksumCodeType
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.117953062 CEST192.168.2.81.1.1.1c238(Port unreachable)Destination Unreachable

                                                                                                                                                                                                                                                                                      DNS Queries

                                                                                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:10.953844070 CEST192.168.2.81.1.1.10xa4d3Standard query (0)www.highmotionsoftware.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:10.954262972 CEST192.168.2.81.1.1.10x8605Standard query (0)www.highmotionsoftware.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.067111015 CEST192.168.2.81.1.1.10x1ce9Standard query (0)badges.crowdin.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.084722996 CEST192.168.2.81.1.1.10x45f1Standard query (0)badges.crowdin.net65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.085192919 CEST192.168.2.81.1.1.10x8e26Standard query (0)img.youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.100949049 CEST192.168.2.81.1.1.10x7871Standard query (0)img.youtube.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.866153002 CEST192.168.2.81.1.1.10x8c8Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.866368055 CEST192.168.2.81.1.1.10xbbcbStandard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.579359055 CEST192.168.2.81.1.1.10x5be8Standard query (0)img.youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.579552889 CEST192.168.2.81.1.1.10x93b5Standard query (0)img.youtube.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.421117067 CEST192.168.2.81.1.1.10xf6e2Standard query (0)www.highmotionsoftware.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.421179056 CEST192.168.2.81.1.1.10x123cStandard query (0)www.highmotionsoftware.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.898606062 CEST192.168.2.81.1.1.10xe40dStandard query (0)www.highmotionsoftware.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.336303949 CEST192.168.2.81.1.1.10x60ebStandard query (0)www.bolidesoft.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.920993090 CEST192.168.2.81.1.1.10xd12aStandard query (0)static.cloudflareinsights.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.921274900 CEST192.168.2.81.1.1.10x1de6Standard query (0)static.cloudflareinsights.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.948410988 CEST192.168.2.81.1.1.10x7b43Standard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.948945045 CEST192.168.2.81.1.1.10x73d5Standard query (0)www.facebook.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.697362900 CEST192.168.2.81.1.1.10x5391Standard query (0)static.cloudflareinsights.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.697561026 CEST192.168.2.81.1.1.10x234aStandard query (0)static.cloudflareinsights.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.019005060 CEST192.168.2.81.1.1.10xc26bStandard query (0)static.xx.fbcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.019253016 CEST192.168.2.81.1.1.10x8291Standard query (0)static.xx.fbcdn.net65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.146502018 CEST192.168.2.81.1.1.10xa56dStandard query (0)scontent-msp1-1.xx.fbcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.147135019 CEST192.168.2.81.1.1.10x252eStandard query (0)scontent-msp1-1.xx.fbcdn.net65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.901382923 CEST192.168.2.81.1.1.10xb4a8Standard query (0)scontent-msp1-1.xx.fbcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.901685953 CEST192.168.2.81.1.1.10x3e6aStandard query (0)scontent-msp1-1.xx.fbcdn.net65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.937922001 CEST192.168.2.81.1.1.10xaf23Standard query (0)static.xx.fbcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.937968969 CEST192.168.2.81.1.1.10xce81Standard query (0)static.xx.fbcdn.net65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:50.883018017 CEST192.168.2.81.1.1.10x9c1fStandard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:50.883248091 CEST192.168.2.81.1.1.10x565Standard query (0)www.facebook.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.232105970 CEST192.168.2.81.1.1.10x7d3fStandard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.232223988 CEST192.168.2.81.1.1.10x58a1Standard query (0)www.facebook.com65IN (0x0001)false

                                                                                                                                                                                                                                                                                      DNS Answers

                                                                                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:10.966120958 CEST1.1.1.1192.168.2.80xa4d3No error (0)www.highmotionsoftware.com104.21.11.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:10.966120958 CEST1.1.1.1192.168.2.80xa4d3No error (0)www.highmotionsoftware.com172.67.164.223A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:10.966965914 CEST1.1.1.1192.168.2.80x8605No error (0)www.highmotionsoftware.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.079035997 CEST1.1.1.1192.168.2.80x1ce9No error (0)badges.crowdin.netd322cqt584bo4o.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.079035997 CEST1.1.1.1192.168.2.80x1ce9No error (0)d322cqt584bo4o.cloudfront.net13.32.27.32A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.079035997 CEST1.1.1.1192.168.2.80x1ce9No error (0)d322cqt584bo4o.cloudfront.net13.32.27.88A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.079035997 CEST1.1.1.1192.168.2.80x1ce9No error (0)d322cqt584bo4o.cloudfront.net13.32.27.47A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.079035997 CEST1.1.1.1192.168.2.80x1ce9No error (0)d322cqt584bo4o.cloudfront.net13.32.27.112A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)img.youtube.comytimg.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com142.250.74.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.092045069 CEST1.1.1.1192.168.2.80x8e26No error (0)ytimg.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.108673096 CEST1.1.1.1192.168.2.80x45f1No error (0)badges.crowdin.netd322cqt584bo4o.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:13.117849112 CEST1.1.1.1192.168.2.80x7871No error (0)img.youtube.comytimg.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.873222113 CEST1.1.1.1192.168.2.80x8c8No error (0)www.google.com142.250.186.68A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:14.873241901 CEST1.1.1.1192.168.2.80xbbcbNo error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)img.youtube.comytimg.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com172.217.23.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com216.58.212.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.587780952 CEST1.1.1.1192.168.2.80x5be8No error (0)ytimg.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:15.589251995 CEST1.1.1.1192.168.2.80x93b5No error (0)img.youtube.comytimg.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.430706024 CEST1.1.1.1192.168.2.80xf6e2No error (0)www.highmotionsoftware.com104.21.11.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.430706024 CEST1.1.1.1192.168.2.80xf6e2No error (0)www.highmotionsoftware.com172.67.164.223A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.431179047 CEST1.1.1.1192.168.2.80x123cNo error (0)www.highmotionsoftware.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.911875010 CEST1.1.1.1192.168.2.80xe40dNo error (0)www.highmotionsoftware.com172.67.164.223A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:16.911875010 CEST1.1.1.1192.168.2.80xe40dNo error (0)www.highmotionsoftware.com104.21.11.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.643604994 CEST1.1.1.1192.168.2.80x60ebNo error (0)www.bolidesoft.combolidesoft.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.643604994 CEST1.1.1.1192.168.2.80x60ebNo error (0)bolidesoft.com104.193.111.117A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.927941084 CEST1.1.1.1192.168.2.80xd12aNo error (0)static.cloudflareinsights.com104.16.79.73A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.927941084 CEST1.1.1.1192.168.2.80xd12aNo error (0)static.cloudflareinsights.com104.16.80.73A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.928528070 CEST1.1.1.1192.168.2.80x1de6No error (0)static.cloudflareinsights.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.956574917 CEST1.1.1.1192.168.2.80x73d5No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.956592083 CEST1.1.1.1192.168.2.80x7b43No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:17.956592083 CEST1.1.1.1192.168.2.80x7b43No error (0)star-mini.c10r.facebook.com157.240.251.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.706377983 CEST1.1.1.1192.168.2.80x5391No error (0)static.cloudflareinsights.com104.16.79.73A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.706377983 CEST1.1.1.1192.168.2.80x5391No error (0)static.cloudflareinsights.com104.16.80.73A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:18.706393003 CEST1.1.1.1192.168.2.80x234aNo error (0)static.cloudflareinsights.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.029798031 CEST1.1.1.1192.168.2.80x8291No error (0)static.xx.fbcdn.netscontent.xx.fbcdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.029798031 CEST1.1.1.1192.168.2.80x8291No error (0)scontent.xx.fbcdn.net65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.029798031 CEST1.1.1.1192.168.2.80x8291No error (0)scontent.xx.fbcdn.net65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.030153036 CEST1.1.1.1192.168.2.80xc26bNo error (0)static.xx.fbcdn.netscontent.xx.fbcdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.030153036 CEST1.1.1.1192.168.2.80xc26bNo error (0)scontent.xx.fbcdn.net157.240.251.9A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.153990030 CEST1.1.1.1192.168.2.80xa56dNo error (0)scontent-msp1-1.xx.fbcdn.net157.240.26.27A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.158134937 CEST1.1.1.1192.168.2.80x252eNo error (0)scontent-msp1-1.xx.fbcdn.net65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.909853935 CEST1.1.1.1192.168.2.80xb4a8No error (0)scontent-msp1-1.xx.fbcdn.net157.240.26.27A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.911081076 CEST1.1.1.1192.168.2.80x3e6aNo error (0)scontent-msp1-1.xx.fbcdn.net65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.944793940 CEST1.1.1.1192.168.2.80xce81No error (0)static.xx.fbcdn.netscontent.xx.fbcdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.944793940 CEST1.1.1.1192.168.2.80xce81No error (0)scontent.xx.fbcdn.net65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.944793940 CEST1.1.1.1192.168.2.80xce81No error (0)scontent.xx.fbcdn.net65IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.945458889 CEST1.1.1.1192.168.2.80xaf23No error (0)static.xx.fbcdn.netscontent.xx.fbcdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:41:19.945458889 CEST1.1.1.1192.168.2.80xaf23No error (0)scontent.xx.fbcdn.net157.240.251.9A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:50.889972925 CEST1.1.1.1192.168.2.80x565No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:50.890192032 CEST1.1.1.1192.168.2.80x9c1fNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:50.890192032 CEST1.1.1.1192.168.2.80x9c1fNo error (0)star-mini.c10r.facebook.com157.240.253.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.238888979 CEST1.1.1.1192.168.2.80x7d3fNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.238888979 CEST1.1.1.1192.168.2.80x7d3fNo error (0)star-mini.c10r.facebook.com157.240.251.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Oct 8, 2024 00:43:52.240304947 CEST1.1.1.1192.168.2.80x58a1No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false

                                                                                                                                                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                                                                                                                                                      • slscr.update.microsoft.com
                                                                                                                                                                                                                                                                                      • www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      • https:
                                                                                                                                                                                                                                                                                        • img.youtube.com
                                                                                                                                                                                                                                                                                        • badges.crowdin.net
                                                                                                                                                                                                                                                                                        • static.cloudflareinsights.com
                                                                                                                                                                                                                                                                                        • www.facebook.com
                                                                                                                                                                                                                                                                                        • static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                        • scontent-msp1-1.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      • www.bolidesoft.com
                                                                                                                                                                                                                                                                                      • www.bolidesoft.com:443
                                                                                                                                                                                                                                                                                      • fs.microsoft.com

                                                                                                                                                                                                                                                                                      HTTPS Proxied Packets

                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      0192.168.2.849708172.202.163.200443
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:07 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cL3SfTB3m4YLydf&MD=8HgmYluO HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                                                                                                      Host: slscr.update.microsoft.com
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:07 UTC560INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                      Expires: -1
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                                                                                                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                                                                                                                                                                      MS-CorrelationId: a1d37bdf-12c1-428f-aee2-992d732a9d05
                                                                                                                                                                                                                                                                                      MS-RequestId: c191272e-9c90-4e60-b135-f5c0a1afd51d
                                                                                                                                                                                                                                                                                      MS-CV: 6+lBeeQmDk+AsSUd.0
                                                                                                                                                                                                                                                                                      X-Microsoft-SLSClientCache: 2880
                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:06 GMT
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 24490
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:07 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                                                                                                                                                                                                                      Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:07 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                                                                                                                                                                                                                                      Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      1192.168.2.849718104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:12 UTC694OUTGET /products/imbatch/thankyou HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                                                      Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:12 UTC903INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:12 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      expires: Sun, 19 Nov 1978 05:00:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      content-language: en
                                                                                                                                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                      x-generator: Drupal 7 (http://drupal.org)
                                                                                                                                                                                                                                                                                      link: </products/imbatch/thankyou>; rel="canonical",</node/51>; rel="shortlink"
                                                                                                                                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0IDxnpnGgNNxbk5cv%2BSWuwUmi6emqo%2Bo0LK1IN8lRvPTwfkrMMPBU4fLw2I3RNKp2du%2FmgJODhpO9oy9dGPfUnOXrUFb2dwmHlo5BQU2gC%2BZCq%2B0Er%2BQ4cB90VutWOYlmujBAan%2BZjkCJdCtA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Speculation-Rules: "/cdn-cgi/speculation"
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165b3181e0f55-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:12 UTC466INData Raw: 35 39 63 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 2b 52 44 46 61 20 31 2e 30 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 4d 61 72 6b 55 70 2f 44 54 44 2f 78 68 74 6d 6c 2d 72 64 66 61 2d 31 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 76 65 72 73 69 6f 6e 3d 22 58 48 54 4d 4c 2b 52 44 46 61 20 31 2e 30 22 20 64 69 72 3d 22 6c 74 72 22 0a 20 20 78 6d 6c 6e 73 3a 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f
                                                                                                                                                                                                                                                                                      Data Ascii: 59c9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr" xmlns:content="http://purl.org/rss/1.0/modules/co
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:12 UTC1369INData Raw: 22 0a 20 20 78 6d 6c 6e 73 3a 73 69 6f 63 74 3d 22 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 22 0a 20 20 78 6d 6c 6e 73 3a 73 6b 6f 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 22 0a 20 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 2f 76 6f 63 61 62 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63
                                                                                                                                                                                                                                                                                      Data Ascii: " xmlns:sioct="http://rdfs.org/sioc/types#" xmlns:skos="http://www.w3.org/2004/02/skos/core#" xmlns:xsd="http://www.w3.org/2001/XMLSchema#"><head profile="http://www.w3.org/1999/xhtml/vocab"> <meta http-equiv="Content-Type" content="text/html; c
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:12 UTC1369INData Raw: 74 20 75 72 6c 28 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 69 67 68 6d 6f 74 69 6f 6e 73 6f 66 74 77 61 72 65 2e 63 6f 6d 2f 6d 6f 64 75 6c 65 73 2f 66 69 65 6c 64 2f 74 68 65 6d 65 2f 66 69 65 6c 64 2e 63 73 73 3f 73 37 39 37 38 6f 22 29 3b 0a 40 69 6d 70 6f 72 74 20 75 72 6c 28 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 69 67 68 6d 6f 74 69 6f 6e 73 6f 66 74 77 61 72 65 2e 63 6f 6d 2f 6d 6f 64 75 6c 65 73 2f 6e 6f 64 65 2f 6e 6f 64 65 2e 63 73 73 3f 73 37 39 37 38 6f 22 29 3b 0a 40 69 6d 70 6f 72 74 20 75 72 6c 28 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 69 67 68 6d 6f 74 69 6f 6e 73 6f 66 74 77 61 72 65 2e 63 6f 6d 2f 6d 6f 64 75 6c 65 73 2f 73 65 61 72 63 68 2f 73 65 61 72 63 68 2e 63 73 73 3f 73 37 39 37 38 6f 22 29 3b 0a 40 69 6d 70 6f 72 74 20 75
                                                                                                                                                                                                                                                                                      Data Ascii: t url("https://www.highmotionsoftware.com/modules/field/theme/field.css?s7978o");@import url("https://www.highmotionsoftware.com/modules/node/node.css?s7978o");@import url("https://www.highmotionsoftware.com/modules/search/search.css?s7978o");@import u
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:12 UTC1369INData Raw: 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 69 67 68 6d 6f 74 69 6f 6e 73 6f 66 74 77 61 72 65 2e 63 6f 6d 2f 6d 69 73 63 2f 64 72 75 70 61 6c 2e 6a 73 3f 73 37 39 37 38 6f 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 69 67 68 6d 6f 74 69 6f 6e 73 6f 66 74 77 61 72 65 2e 63 6f 6d 2f 73 69 74 65 73 2f 61 6c 6c 2f 6c 69 62 72 61 72 69 65 73 2f 73 75 70 65 72 66 69 73 68 2f 6a 71 75 65 72 79 2e 68 6f 76 65 72 49 6e 74 65 6e 74 2e 6d 69 6e 69 66 69 65 64 2e 6a 73 3f 73 37 39 37 38 6f 22
                                                                                                                                                                                                                                                                                      Data Ascii: "></script><script type="text/javascript" src="https://www.highmotionsoftware.com/misc/drupal.js?s7978o"></script><script type="text/javascript" src="https://www.highmotionsoftware.com/sites/all/libraries/superfish/jquery.hoverIntent.minified.js?s7978o"
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:12 UTC1369INData Raw: 65 6d 5c 2f 73 79 73 74 65 6d 2e 6d 65 73 73 61 67 65 73 2e 63 73 73 22 3a 31 2c 22 6d 6f 64 75 6c 65 73 5c 2f 73 79 73 74 65 6d 5c 2f 73 79 73 74 65 6d 2e 74 68 65 6d 65 2e 63 73 73 22 3a 31 2c 22 6d 6f 64 75 6c 65 73 5c 2f 63 6f 6d 6d 65 6e 74 5c 2f 63 6f 6d 6d 65 6e 74 2e 63 73 73 22 3a 31 2c 22 6d 6f 64 75 6c 65 73 5c 2f 66 69 65 6c 64 5c 2f 74 68 65 6d 65 5c 2f 66 69 65 6c 64 2e 63 73 73 22 3a 31 2c 22 6d 6f 64 75 6c 65 73 5c 2f 6e 6f 64 65 5c 2f 6e 6f 64 65 2e 63 73 73 22 3a 31 2c 22 6d 6f 64 75 6c 65 73 5c 2f 73 65 61 72 63 68 5c 2f 73 65 61 72 63 68 2e 63 73 73 22 3a 31 2c 22 6d 6f 64 75 6c 65 73 5c 2f 75 73 65 72 5c 2f 75 73 65 72 2e 63 73 73 22 3a 31 2c 22 73 69 74 65 73 5c 2f 61 6c 6c 5c 2f 6d 6f 64 75 6c 65 73 5c 2f 63 74 6f 6f 6c 73 5c 2f 63
                                                                                                                                                                                                                                                                                      Data Ascii: em\/system.messages.css":1,"modules\/system\/system.theme.css":1,"modules\/comment\/comment.css":1,"modules\/field\/theme\/field.css":1,"modules\/node\/node.css":1,"modules\/search\/search.css":1,"modules\/user\/user.css":1,"sites\/all\/modules\/ctools\/c
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:12 UTC1369INData Raw: 69 70 74 27 29 3b 20 67 61 2e 74 79 70 65 20 3d 20 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3b 20 67 61 2e 61 73 79 6e 63 20 3d 20 74 72 75 65 3b 0a 20 20 20 20 67 61 2e 73 72 63 20 3d 20 28 27 68 74 74 70 73 3a 27 20 3d 3d 20 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 20 3f 20 27 68 74 74 70 73 3a 2f 2f 73 73 6c 27 20 3a 20 27 68 74 74 70 3a 2f 2f 77 77 77 27 29 20 2b 20 27 2e 67 6f 6f 67 6c 65 2d 61 6e 61 6c 79 74 69 63 73 2e 63 6f 6d 2f 67 61 2e 6a 73 27 3b 0a 20 20 20 20 76 61 72 20 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 73 63 72 69 70 74 27 29 5b 30 5d 3b 20 73 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 67 61
                                                                                                                                                                                                                                                                                      Data Ascii: ipt'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:12 UTC1369INData Raw: 74 22 3e 3c 61 20 68 72 65 66 3d 22 2f 72 75 2f 70 72 6f 64 75 63 74 73 2f 69 6d 62 61 74 63 68 2f 74 68 61 6e 6b 79 6f 75 22 20 63 6c 61 73 73 3d 22 6c 61 6e 67 75 61 67 65 2d 6c 69 6e 6b 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 72 75 22 3e 3c 69 6d 67 20 63 6c 61 73 73 3d 22 6c 61 6e 67 75 61 67 65 2d 69 63 6f 6e 22 20 74 79 70 65 6f 66 3d 22 66 6f 61 66 3a 49 6d 61 67 65 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 69 67 68 6d 6f 74 69 6f 6e 73 6f 66 74 77 61 72 65 2e 63 6f 6d 2f 73 69 74 65 73 2f 61 6c 6c 2f 6d 6f 64 75 6c 65 73 2f 6c 61 6e 67 75 61 67 65 69 63 6f 6e 73 2f 66 6c 61 67 73 2f 72 75 2e 70 6e 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 32 22 20 61 6c 74 3d 22 d0 a0 d1 83 d1 81 d1 81 d0 ba d0 b8 d0 b9 22
                                                                                                                                                                                                                                                                                      Data Ascii: t"><a href="/ru/products/imbatch/thankyou" class="language-link" xml:lang="ru"><img class="language-icon" typeof="foaf:Image" src="https://www.highmotionsoftware.com/sites/all/modules/languageicons/flags/ru.png" width="16" height="12" alt=""
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:12 UTC1369INData Raw: 09 09 09 09 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 67 69 6f 6e 20 72 65 67 69 6f 6e 2d 6d 65 6e 75 2d 62 61 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 62 6c 6f 63 6b 2d 73 75 70 65 72 66 69 73 68 2d 31 22 20 63 6c 61 73 73 3d 22 62 6c 6f 63 6b 20 62 6c 6f 63 6b 2d 73 75 70 65 72 66 69 73 68 22 3e 0a 0a 20 20 20 20 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 3c 75 6c 20 69 64 3d 22 73 75 70 65 72 66 69 73 68 2d 31 22 20 63 6c 61 73 73 3d 22 6d 65 6e 75 20 73 66 2d 6d 65 6e 75 20 73 66 2d 6d 61 69 6e 2d 6d 65 6e 75 20 73 66 2d 68 6f 72 69 7a 6f 6e 74 61 6c 20 73 66 2d 73 74 79 6c 65 2d 63 6f 66 66 65 65 20 73 66 2d 74 6f 74 61 6c 2d 69 74 65 6d 73 2d 35 20 73 66 2d 70 61 72 65 6e 74 2d 69 74 65 6d
                                                                                                                                                                                                                                                                                      Data Ascii: <div class="region region-menu-bar"> <div id="block-superfish-1" class="block block-superfish"> <div class="content"> <ul id="superfish-1" class="menu sf-menu sf-main-menu sf-horizontal sf-style-coffee sf-total-items-5 sf-parent-item
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:12 UTC1369INData Raw: 73 69 6e 67 6c 65 2d 63 68 69 6c 64 72 65 6e 2d 34 20 6d 65 6e 75 70 61 72 65 6e 74 22 3e 3c 61 20 68 72 65 66 3d 22 2f 64 6f 77 6e 6c 6f 61 64 2d 63 65 6e 74 65 72 22 20 74 69 74 6c 65 3d 22 22 20 63 6c 61 73 73 3d 22 73 66 2d 64 65 70 74 68 2d 31 20 6d 65 6e 75 70 61 72 65 6e 74 22 3e 44 6f 77 6e 6c 6f 61 64 20 43 65 6e 74 65 72 3c 2f 61 3e 3c 75 6c 3e 3c 6c 69 20 69 64 3d 22 6d 65 6e 75 2d 33 31 38 2d 31 22 20 63 6c 61 73 73 3d 22 66 69 72 73 74 20 6f 64 64 20 73 66 2d 69 74 65 6d 2d 31 20 73 66 2d 64 65 70 74 68 2d 32 20 73 66 2d 6e 6f 2d 63 68 69 6c 64 72 65 6e 22 3e 3c 61 20 68 72 65 66 3d 22 2f 64 6f 77 6e 6c 6f 61 64 2d 63 65 6e 74 65 72 2f 69 6d 62 61 74 63 68 22 20 63 6c 61 73 73 3d 22 73 66 2d 64 65 70 74 68 2d 32 22 3e 44 6f 77 6e 6c 6f 61 64
                                                                                                                                                                                                                                                                                      Data Ascii: single-children-4 menuparent"><a href="/download-center" title="" class="sf-depth-1 menuparent">Download Center</a><ul><li id="menu-318-1" class="first odd sf-item-1 sf-depth-2 sf-no-children"><a href="/download-center/imbatch" class="sf-depth-2">Download
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:12 UTC1369INData Raw: 69 65 77 22 20 74 69 74 6c 65 3d 22 22 20 63 6c 61 73 73 3d 22 73 66 2d 64 65 70 74 68 2d 32 22 3e 42 6f 6e 41 56 69 65 77 20 53 75 70 70 6f 72 74 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 69 64 3d 22 6d 65 6e 75 2d 33 33 33 2d 31 22 20 63 6c 61 73 73 3d 22 6d 69 64 64 6c 65 20 65 76 65 6e 20 73 66 2d 69 74 65 6d 2d 34 20 73 66 2d 64 65 70 74 68 2d 32 20 73 66 2d 6e 6f 2d 63 68 69 6c 64 72 65 6e 22 3e 3c 61 20 68 72 65 66 3d 22 2f 73 75 70 70 6f 72 74 2f 63 6f 6d 70 61 6e 79 22 20 74 69 74 6c 65 3d 22 22 20 63 6c 61 73 73 3d 22 73 66 2d 64 65 70 74 68 2d 32 22 3e 48 69 67 68 20 4d 6f 74 69 6f 6e 20 53 6f 66 74 77 61 72 65 20 53 75 70 70 6f 72 74 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 69 64 3d 22 6d 65 6e 75 2d 32 31 31 39 2d 31 22 20 63 6c 61 73 73 3d 22 6c
                                                                                                                                                                                                                                                                                      Data Ascii: iew" title="" class="sf-depth-2">BonAView Support</a></li><li id="menu-333-1" class="middle even sf-item-4 sf-depth-2 sf-no-children"><a href="/support/company" title="" class="sf-depth-2">High Motion Software Support</a></li><li id="menu-2119-1" class="l


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      2192.168.2.849726142.250.186.78443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:13 UTC698OUTGET /vi/m4a7nHpFuzw/0.jpg HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: img.youtube.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC646INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
                                                                                                                                                                                                                                                                                      Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
                                                                                                                                                                                                                                                                                      Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Content-Length: 20688
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      Server: sffe
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:13 GMT
                                                                                                                                                                                                                                                                                      Expires: Tue, 08 Oct 2024 00:41:13 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public, max-age=7200
                                                                                                                                                                                                                                                                                      ETag: "0"
                                                                                                                                                                                                                                                                                      Content-Type: image/jpeg
                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                      Age: 0
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC744INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 10 0b 0c 0e 0c 0a 10 0e 0d 0e 12 11 10 13 18 28 1a 18 16 16 18 31 23 25 1d 28 3a 33 3d 3c 39 33 38 37 40 48 5c 4e 40 44 57 45 37 38 50 6d 51 57 5f 62 67 68 67 3e 4d 71 79 70 64 78 5c 65 67 63 01 11 12 12 18 15 18 2f 1a 1a 2f 63 42 38 42 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 ff c0 00 11 08 01 68 01 e0 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 00 01 05 01 01 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 ff c4 00 4a 10 00 01 03 02 02 05 07 06 0c 04 05 05 01 01 01 00 01 00 02 03 04 11 12 21 05 13 31 41 51 14 22 52 61 71 91 d1 15 32 81 92 a1 b1 06 23 34 42 53 62
                                                                                                                                                                                                                                                                                      Data Ascii: JFIF(1#%(:3=<9387@H\N@DWE78PmQW_bghg>Mqypdx\egc//cB8Bcccccccccccccccccccccccccccccccccccccccccccccccccch"J!1AQ"Raq2#4BSb
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1390INData Raw: 40 96 48 9d 64 59 02 59 16 4b 64 59 02 59 16 4b 64 a0 20 6d 92 27 90 92 c8 1a 84 eb 22 c8 1a 84 eb 22 c8 1a 84 b6 4b 64 0d 42 5b 22 c8 11 09 6c 8b 20 44 21 08 04 89 50 81 10 95 08 11 09 50 81 2c 8b 25 48 81 cc 38 1e d7 5a f6 37 5d 34 bf 09 c5 53 c4 4d a7 64 62 42 1b ac 94 dc 36 fb 49 0b 9d a7 87 5f 28 66 2c 22 c5 c4 da f6 00 5c fb 02 b2 dd 15 55 28 0e 85 81 d1 bb 36 b9 cf 6b 6e 2f 61 91 39 5e e1 15 d9 f9 06 9c c0 25 b4 2f b8 b9 73 46 0b f7 2e 53 4f d4 c3 2d 44 74 f4 e3 e2 a9 81 68 38 b1 5c 93 73 9a 87 c9 5a 40 34 0d 5f 34 db 21 2b 4e d3 61 bf 8a 27 d0 f5 90 46 e9 5c c6 98 da 2e 5e 24 6d b6 03 c7 ad 6a e7 95 9a b4 67 ad af 82 55 71 51 e9 d8 5f 33 b0 b5 e0 b2 fc 09 d8 b1 ec a4 a7 85 d3 ce c8 9a 40 2e 36 04 ee 5c f2 9b 9a 27 8a ee ea e1 ab aa d2 d3 96 0b c4
                                                                                                                                                                                                                                                                                      Data Ascii: @HdYYKdYYKd m'""KdB["l D!PP,%H8Z7]4SMdbB6I_(f,"\U(6kn/a9^%/sF.SO-Dth8\sZ@4_4!+Na'F\.^$mjgUqQ_3@.6\'
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1390INData Raw: 49 e5 97 a4 28 9b 0f 3e 22 0b 77 ac d2 17 41 59 0c 93 34 ea a3 6f e2 37 c5 65 1d 1b 59 7f e1 33 f1 59 e2 bb 71 65 6c f2 e1 cb 8c 97 fc a9 d9 16 57 3c 95 5c 7f da 6f e2 b3 c5 28 d1 15 e4 d8 40 09 ea 95 9e 2b ae e3 8e aa 92 45 a7 fe 1e d2 df c9 9f c4 67 8a 3f c3 da 5a ff 00 23 3f 88 cf 15 4d 33 10 b4 ff 00 c3 da 5b f9 3f fd 8c f1 4d f2 0e 94 fe 57 ff 00 63 3c 54 d9 d6 b3 50 b4 bc 81 a5 7f 95 ff 00 da cf 14 87 41 69 40 2e 69 7f f6 33 c5 37 17 ad fc 67 24 4e 7b 5d 1c 8e 8e 46 96 bd a6 c4 1d c9 11 92 6e 49 64 e4 20 6d 90 9c 90 a0 6a 13 ac 91 05 8d 1e e0 cd 21 4c f7 1b 35 b2 b4 92 77 66 17 73 05 54 75 0f 10 c0 e6 48 e7 6e 06 eb 88 65 14 b2 08 c4 76 7b de 31 06 0b de dc 78 7b 55 8a 6a 5d 25 48 f6 d4 d3 b2 48 9c 00 b3 81 00 d8 82 7d c0 ad e3 9e a6 99 cb 0e d7 6e
                                                                                                                                                                                                                                                                                      Data Ascii: I(>"wAY4o7eY3YqelW<\o(@+Eg?Z#?M3[?MWc<TPAi@.i37g$N{]FnId mj!L5wfsTuHnev{1x{Uj]%HH}n
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1390INData Raw: a1 b1 37 13 58 01 17 b9 2d 05 50 af 70 a6 89 8e 6c ec 90 3e ed b8 ca c4 64 57 3c 79 70 ca ea 56 ae 36 1f 48 04 92 1c 5e 6b 76 ad da 76 c1 55 4a f2 d9 30 39 9e e5 cb 09 c5 3c 4e 66 2c f1 1b 95 ab a0 aa a3 9d b5 4d d6 35 a0 44 73 27 20 9c d9 f4 c3 68 b4 69 cb 8e 18 aa 23 7b ba 37 da a9 3a 70 5c 63 91 b6 73 4e 60 a7 51 53 d3 72 d6 bb ca 50 3c 83 70 c6 3b 32 78 66 b2 b4 9d 61 f2 bc b8 ed 1b 8b 8d da 4e c5 8e 3e 5e d9 75 da 2f cf 15 dc c7 45 6c 32 6c cf 61 de 13 39 3c df 57 d6 4c 86 7c 74 12 dc ff 00 0d ed 78 ef b1 52 40 1d 3d 31 99 b3 c7 60 d2 e2 33 d8 17 6c b2 98 fb 59 36 4e 4d 37 d5 f5 91 c9 e6 fa be b2 b3 34 0d 64 ae 0d ab 88 46 d6 b4 b9 ef 3b 09 dc 8d 4b 5f 4f 19 8e a2 3d 6b b1 e4 5d 70 eb 70 58 f9 b0 fd 5d 55 6e 4f 37 d5 f5 91 c9 a6 fa be b2 a7 e5 16 f4
                                                                                                                                                                                                                                                                                      Data Ascii: 7X-Ppl>dW<ypV6H^kvvUJ09<Nf,M5Ds' hi#{7:p\csN`QSrP<p;2xfaN>^u/El2la9<WL|txR@=1`3lY6NM74dF;K_O=k]ppX]UnO7
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1390INData Raw: 3e a8 a3 54 50 41 62 8b 15 3e a8 a3 54 50 14 47 0d 40 2e 20 0b 1d a7 a9 69 c7 51 aa 76 28 e7 0c 77 16 be cb 33 54 51 aa 28 37 ce 93 8e 6a 07 53 d4 16 bd e3 f8 6f c4 2e 14 2d d2 32 b0 82 d9 a2 04 5b 30 1b 7c b2 58 da a2 8d 51 41 ba cd 2f 33 1b 6d 6c 4e e0 4e 1b b7 2b 65 e8 48 34 bd 48 bd aa 58 2f f6 56 1e a8 a3 54 50 6b c9 5f 24 ad c2 f9 98 46 79 5d a3 69 07 de 14 30 38 3b 4a d0 59 c0 da 61 7b 1b ef 0b 3b 54 55 ad 17 1e 1d 29 4a 7f ee b7 de 8a eb 66 24 69 2a b0 36 60 1f d2 17 25 a4 fe 51 1f d8 fd 45 76 13 00 74 95 66 5f 30 7f 40 5c 86 91 f9 43 3e c7 ea 2a c4 c9 4d 09 d6 45 96 98 32 c8 b2 7d 92 15 03 2c 8b 27 24 b2 05 b2 d9 d0 30 3a b1 93 d2 87 01 8b 0b b3 ed 59 b1 53 c9 33 5e e8 db 71 18 c4 ec c0 c9 4d 4c fa ba 29 75 b0 b6 48 de 39 a4 e1 e3 b8 df d0 92 e9
                                                                                                                                                                                                                                                                                      Data Ascii: >TPAb>TPG@. iQv(w3TQ(7jSo.-2[0|XQA/3mlNN+eH4HX/VTPk_$Fy]i08;JYa{;TU)Jf$i*6`%QEvtf_0@\C>*ME2},'$0:YS3^qML)uH9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1390INData Raw: 5b 62 40 26 c3 f7 4f 9d f3 08 a4 c8 81 cd c2 44 84 97 5c 67 95 d6 3b 27 73 1b 85 93 bd a3 80 36 fc d3 b9 54 bf cc cb eb 7e e9 f1 4f 27 c9 e8 fa db f2 d6 5f 6e ad 9f d2 15 ca 7a bd 6e a2 08 6f 60 db 3c 3c db 2b 6c 07 7e d2 7b 96 66 30 5f 8d cf 2e 77 12 93 e2 fa 4b a7 59 ad 31 bf 3b 6d ba 07 30 8d 6c c3 54 dd e5 a5 a6 dc 2e 72 f6 ac fd 25 56 2a 66 68 69 bb 5a 6f 71 b0 9f 05 56 ec e9 a4 bb 3a 4b 18 71 cc 7d 2e 59 dc bd 98 46 65 25 93 ee de 23 bd 17 6f 11 de ba 30 65 91 64 fb b7 88 ef 45 db c4 77 a0 65 91 64 fb b7 88 ef 45 db c4 77 a0 65 91 64 fb b7 88 ef 45 db c4 20 65 91 64 fb b7 88 45 db c4 20 65 91 64 fb b7 88 45 db c4 2a 19 64 59 3e ed e2 11 76 f1 0a 06 59 16 4f bb 78 84 5d bc 42 06 59 16 4f bb 78 84 5d bc 42 06 59 16 4f bb 78 8e f4 5d bc 47 7a 06 59 16
                                                                                                                                                                                                                                                                                      Data Ascii: [b@&OD\g;'s6T~O'_nzno`<<+l~{f0_.wKY1;m0lT.r%V*fhiZoqV:Kq}.YFe%#o0edEwedEwedE edE edE*dY>vYOx]BYOx]BYOx]GzY
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1390INData Raw: 1f 2c e7 24 cb c3 a5 3f 2e ab fb 03 fa 02 e5 eb 73 9d 87 ea 7e a2 ba 83 f2 da bf b1 fa 02 e5 2b 5e 04 cc fb 1f a8 ae 91 8c 91 90 9a 53 1d 32 8c c8 9b 67 49 89 4d 25 45 8d 18 d3 6b a4 84 a6 92 99 72 9a 41 2a a6 9a f1 34 c9 33 18 d3 67 39 c0 02 56 83 a8 f5 72 4b 13 e5 89 d3 40 db ba d7 39 5c 0e 1d 61 50 85 fa a9 99 25 af 81 c1 d6 ec 5a 13 57 b5 f4 73 c4 ca 30 c3 35 e4 32 5e e4 02 e1 d5 b2 e2 cb 19 61 8e 53 77 df d3 b7 1f 2e 58 78 fa be d4 4d 34 f5 53 b1 92 88 59 0b 5d 72 5b 99 70 56 f4 b5 49 96 46 30 da cc 19 00 a8 b5 f3 bb e2 d8 f2 6f 95 80 cd 46 dd 9c 57 29 8e 79 65 32 ce fa f4 de 79 71 c9 67 1c f6 7d ee 91 28 6d d2 da cb bb ce 4b 22 9f e5 5f f8 3b dc 96 e9 b0 1f f3 27 ec 3b dc a5 be 16 43 f5 4f 96 a2 51 1e 67 58 ec ad 7d e9 4d 2c cd 17 36 03 89 6a 9f 47
                                                                                                                                                                                                                                                                                      Data Ascii: ,$?.s~+^S2gIM%EkrA*43g9VrK@9\aP%ZWs052^aSw.XxM4SY]r[pVIF0oFW)ye2yqg}(mK"_;';COQgX}M,6jG
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1390INData Raw: 56 e6 81 6d b6 fe fa d4 a2 9a a0 00 1b 52 2c 3a 86 cb ff 00 79 a7 8a 6a 80 dc ea 2e 6d b6 cb d2 f8 db 45 2b 6a 5a e7 3a 23 7c 9a 00 3b 2f bf f2 4d 6f 2d 26 e4 b4 36 e7 76 7b 72 53 ba 9a 52 6e d9 88 70 6b 46 79 ef cf bd 44 da 1a 86 b8 1e 51 7b 5f 77 13 9a 1b 6d d1 55 36 26 46 d7 c4 c7 34 37 37 19 6c 6f 73 b9 65 d7 36 59 6b 25 74 2f c2 c3 7b 77 a4 6c 12 06 90 f9 71 12 6f 9f 6a 57 40 f2 41 6b 80 c8 83 9f 72 b7 2b 64 8c c9 ab 51 06 ce 31 67 bb 2b 94 d3 ca 86 f0 78 db 82 98 43 2d f3 9f da 81 4f 20 7e 3d 67 0b 0b ed 3b d6 5a d9 b0 89 b0 fc 69 cf a9 4b 62 a2 6d 34 a1 c0 eb 41 b6 d1 c5 2b 69 c8 24 89 7e 76 cb e5 65 34 bd 92 58 a2 c7 8a 68 a7 98 0b 09 6c 06 c4 86 9a 52 05 df 73 d6 77 26 8e c7 d8 f1 51 cf 71 03 f3 dd c6 c9 cd a7 98 3a e6 5b e7 70 12 d4 b4 8a 79 09
                                                                                                                                                                                                                                                                                      Data Ascii: VmR,:yj.mE+jZ:#|;/Mo-&6v{rSRnpkFyDQ{_wmU6&F477lose6Yk%t/{wlqojW@Akr+dQ1g+xC-O ~=g;ZiKbm4A+i$~ve4XhlRsw&Qq:[py
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1390INData Raw: 1f ac e9 45 eb 23 fc 3f 59 d2 8b d6 59 f9 31 fd 5e 99 7e 33 30 b3 81 ef 28 c2 ce 07 bc ad 3f f0 fd 67 4a 2f 59 1f e1 fa ce 94 5e b2 77 c7 f4 e9 97 e3 33 0b 78 1e f2 8c 2c eb ef 2b 4f c8 15 9d 28 bd 64 79 02 af a5 17 ac 9f 26 3f a7 4c bf 19 98 5b c0 f7 94 61 6f 03 de 56 9f f8 7e b3 a5 17 ac 8f f0 fd 67 4a 2f 59 3e 4c 7f 4e 99 7e 33 30 b3 81 ef 28 c2 de 07 bc ad 3f f0 fd 67 4a 2f 59 1f e1 fa ce 94 5e b2 7c 98 fe 9d 32 fc 66 61 6f 03 de 53 a9 ac 2b a9 ad f4 ac f7 ad 1f f0 fd 67 4a 2f 59 57 92 82 5a 1a fa 41 29 69 2f 91 a4 61 37 de af 69 7d 1d 6c f6 db ff 00 ad ab fb 1f a0 2e 5e b1 df 1c cf b1 fa 8a e9 9a 6f 57 57 f6 07 f4 05 ce 54 e1 d7 33 ec 7e a2 ac 4a a8 ec 4e 0a 23 4e 4a b8 48 4c 73 80 55 95 3e 4c 2e 9e 29 c7 05 2b a4 68 de 9a 66 16 40 d1 00 08 d5 84 9a
                                                                                                                                                                                                                                                                                      Data Ascii: E#?YY1^~30(?gJ/Y^w3x,+O(dy&?L[aoV~gJ/Y>LN~30(?gJ/Y^|2faoS+gJ/YWZA)i/a7i}l.^oWWT3~JN#NJHLsU>L.)+hf@
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1390INData Raw: a5 6d 48 46 ac 70 53 92 cb 64 a2 73 8e e0 aa 2b 47 49 3c d0 ba 58 d9 89 8d c8 d9 c2 e3 2b ec f4 15 72 0d 34 19 4f 1c 4e a5 64 81 ad 0c 24 bb ce 68 75 ed b3 62 a5 4f 59 35 26 2d 49 68 24 de e6 f9 1b 38 65 eb 15 64 fc 20 ad dc d8 81 26 e4 80 6e 79 d8 ac 73 d9 bb b1 4d ae 96 59 a5 59 03 a1 91 9a 3e 36 1c dc 1d 76 8b 8c c6 e6 8f ec 2a b5 b2 36 49 1b 6a 66 53 98 db ab 73 41 19 b8 6d 25 38 fc 23 ae 31 39 81 b1 0c 4d b5 c0 75 c6 dd 86 fd 68 77 c2 1a d7 3b 15 a2 1d 98 b8 83 c7 a9 05 77 31 cc 76 17 8c 24 6e 28 bd 94 55 15 92 54 d4 3e 69 03 43 9f b6 d7 e1 d6 a2 33 1e 0a 2e 96 f1 a9 b4 7b bf cc bc ff 00 da 7f b9 67 36 57 15 73 46 62 75 4c 80 fd 0b fd c8 35 3e 7c bf 6c fb d4 35 4d 2e a7 7b 5a 01 24 6c 2a 66 83 ac 94 7d 72 9c 45 86 6d 6d 96 91 8e da 59 ad e6 80 7b 54
                                                                                                                                                                                                                                                                                      Data Ascii: mHFpSds+GI<X+r4ONd$hubOY5&-Ih$8ed &nysMYY>6v*6IjfSsAm%8#19Muhw;w1v$n(UT>iC3.{g6WsFbuL5>|l5M.{Z$l*f}rEmmY{T


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      3192.168.2.84972513.32.27.32443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:13 UTC609OUTGET /imbatch/localized.svg HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: badges.crowdin.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC537INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Content-Type: image/svg+xml
                                                                                                                                                                                                                                                                                      Content-Length: 875
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:15 GMT
                                                                                                                                                                                                                                                                                      Last-Modified: Sat, 14 Sep 2024 02:28:54 GMT
                                                                                                                                                                                                                                                                                      ETag: "009f2616018e14461c7193c5e6223044"
                                                                                                                                                                                                                                                                                      x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      x-amz-version-id: null
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Server: AmazonS3
                                                                                                                                                                                                                                                                                      X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                      Via: 1.1 f891d17fa862cc74a05434e03fa58dca.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                      X-Amz-Cf-Pop: FRA56-C2
                                                                                                                                                                                                                                                                                      X-Amz-Cf-Id: CIFzIYWi1Qw4wXChznzq3M5PP6gIbUIwxfLdTGL16HW1XXN9-IzKvg==
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC875INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 0a 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 39 37 22 20 68 65 69 67 68 74 3d 22 32 30 22 3e 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 20 69 64 3d 22 61 22 20 78 32 3d 22 30 22 20 79 32 3d 22 31 30 30 25 22 3e 20 20 20 20 20 20 20 20 3c 73 74 6f 70 20 6f 66 66 73 65 74 3d 22 30 22 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 62 62 62 22 20 73 74 6f 70 2d 6f 70 61 63 69 74 79 3d 22 30 2e 31 22 2f 3e 20 20 20 20 20 20 20 20 3c 73 74 6f 70 20 6f 66 66 73 65 74 3d 22 31 22 20 73 74 6f 70 2d 6f 70 61 63 69 74 79 3d 22 30 2e 31 22 2f 3e 20 20 20 20 3c 2f 6c 69 6e 65 61 72 47 72 61 64 69 65
                                                                                                                                                                                                                                                                                      Data Ascii: <?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg" width="97" height="20"> <linearGradient id="a" x2="0" y2="100%"> <stop offset="0" stop-color="#bbb" stop-opacity="0.1"/> <stop offset="1" stop-opacity="0.1"/> </linearGradie


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      4192.168.2.849733104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC613OUTGET /modules/system/system.base.css?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC695INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:14 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                                                                                                      Content-Length: 5428
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:41:50 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338364
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xq8ej%2FWXunH266%2FgEyI9jRMBbkO16Eo4F6sPHrxx9VsnoT%2FWHhWv%2FLKvq7Z3qaPh4FkWQRcl0QpncvkH2jWuo2wDNRYYHEMMONRNnnVdi1K1mWXejj9J6j%2FoxNTj6J%2FIU1XT7HaygeznQ2SJFg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165bfb892c324-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC674INData Raw: 0a 2f 2a 2a 0a 20 2a 20 40 66 69 6c 65 0a 20 2a 20 47 65 6e 65 72 69 63 20 74 68 65 6d 65 2d 69 6e 64 65 70 65 6e 64 65 6e 74 20 62 61 73 65 20 73 74 79 6c 65 73 2e 0a 20 2a 2f 0a 0a 2f 2a 2a 0a 20 2a 20 41 75 74 6f 63 6f 6d 70 6c 65 74 65 2e 0a 20 2a 0a 20 2a 20 40 73 65 65 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 2e 6a 73 0a 20 2a 2f 0a 2f 2a 20 53 75 67 67 65 73 74 69 6f 6e 20 6c 69 73 74 20 2a 2f 0a 23 61 75 74 6f 63 6f 6d 70 6c 65 74 65 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 3b 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 7a 2d 69 6e 64 65 78 3a 20 31 30 30 3b 0a 7d 0a 23 61 75 74 6f 63 6f 6d 70 6c 65 74 65 20 75 6c 20 7b 0a 20 20 6c 69
                                                                                                                                                                                                                                                                                      Data Ascii: /** * @file * Generic theme-independent base styles. *//** * Autocomplete. * * @see autocomplete.js *//* Suggestion list */#autocomplete { border: 1px solid; overflow: hidden; position: absolute; z-index: 100;}#autocomplete ul { li
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1369INData Raw: 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 2e 2e 2f 6d 69 73 63 2f 74 68 72 6f 62 62 65 72 2d 61 63 74 69 76 65 2e 67 69 66 29 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 31 30 30 25 20 63 65 6e 74 65 72 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 7d 0a 0a 2f 2a 2a 0a 20 2a 20 43 6f 6c 6c 61 70 73 69 62 6c 65 20 66 69 65 6c 64 73 65 74 73 2e 0a 20 2a 0a 20 2a 20 40 73 65 65 20 63 6f 6c 6c 61 70 73 65 2e 6a 73 0a 20 2a 2f 0a 68 74 6d 6c 2e 6a 73 20 66 69 65 6c 64 73 65 74 2e 63 6f 6c 6c 61 70 73 65 64 20 7b 0a 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 77 69 64 74 68 3a 20 30 3b 0a 20 20 62 6f 72 64 65 72 2d 6c 65 66 74 2d 77 69 64 74 68 3a 20 30 3b 0a 20 20 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 77 69 64 74 68 3a 20
                                                                                                                                                                                                                                                                                      Data Ascii: und-image: url(../../misc/throbber-active.gif); background-position: 100% center; /* LTR */}/** * Collapsible fieldsets. * * @see collapse.js */html.js fieldset.collapsed { border-bottom-width: 0; border-left-width: 0; border-right-width:
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1369INData Raw: 20 77 69 64 74 68 3a 20 31 33 70 78 3b 0a 7d 0a 61 2e 74 61 62 6c 65 64 72 61 67 2d 68 61 6e 64 6c 65 2d 68 6f 76 65 72 20 2e 68 61 6e 64 6c 65 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 36 70 78 20 2d 31 31 70 78 3b 0a 7d 0a 64 69 76 2e 69 6e 64 65 6e 74 61 74 69 6f 6e 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 20 20 68 65 69 67 68 74 3a 20 31 2e 37 65 6d 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 2d 30 2e 34 65 6d 20 30 2e 32 65 6d 20 2d 30 2e 34 65 6d 20 2d 30 2e 34 65 6d 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 34 32 65 6d 20 30 20 30 2e 34 32 65 6d 20 30 2e 36 65 6d 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 20 20 77 69 64 74 68 3a 20 32 30 70 78 3b 0a 7d
                                                                                                                                                                                                                                                                                      Data Ascii: width: 13px;}a.tabledrag-handle-hover .handle { background-position: 6px -11px;}div.indentation { float: left; /* LTR */ height: 1.7em; margin: -0.4em 0.2em -0.4em -0.4em; /* LTR */ padding: 0.42em 0 0.42em 0.6em; /* LTR */ width: 20px;}
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1369INData Raw: 3a 20 31 36 65 6d 3b 0a 7d 0a 0a 2f 2a 2a 0a 20 2a 20 49 6e 6c 69 6e 65 20 69 74 65 6d 73 2e 0a 20 2a 2f 0a 2e 63 6f 6e 74 61 69 6e 65 72 2d 69 6e 6c 69 6e 65 20 64 69 76 2c 0a 2e 63 6f 6e 74 61 69 6e 65 72 2d 69 6e 6c 69 6e 65 20 6c 61 62 65 6c 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 3b 0a 7d 0a 2f 2a 20 46 69 65 6c 64 73 65 74 20 63 6f 6e 74 65 6e 74 73 20 61 6c 77 61 79 73 20 6e 65 65 64 20 74 6f 20 62 65 20 72 65 6e 64 65 72 65 64 20 61 73 20 62 6c 6f 63 6b 2e 20 2a 2f 0a 2e 63 6f 6e 74 61 69 6e 65 72 2d 69 6e 6c 69 6e 65 20 2e 66 69 65 6c 64 73 65 74 2d 77 72 61 70 70 65 72 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 7d 0a 0a 2f 2a 2a 0a 20 2a 20 50 72 65 76 65 6e 74 20 74 65 78 74 20 77 72 61 70 70 69 6e 67 2e
                                                                                                                                                                                                                                                                                      Data Ascii: : 16em;}/** * Inline items. */.container-inline div,.container-inline label { display: inline;}/* Fieldset contents always need to be rendered as block. */.container-inline .fieldset-wrapper { display: block;}/** * Prevent text wrapping.
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC647INData Raw: 2f 2a 2a 0a 20 2a 20 54 68 65 20 2e 65 6c 65 6d 65 6e 74 2d 66 6f 63 75 73 61 62 6c 65 20 63 6c 61 73 73 20 65 78 74 65 6e 64 73 20 74 68 65 20 2e 65 6c 65 6d 65 6e 74 2d 69 6e 76 69 73 69 62 6c 65 20 63 6c 61 73 73 20 74 6f 20 61 6c 6c 6f 77 0a 20 2a 20 74 68 65 20 65 6c 65 6d 65 6e 74 20 74 6f 20 62 65 20 66 6f 63 75 73 61 62 6c 65 20 77 68 65 6e 20 6e 61 76 69 67 61 74 65 64 20 74 6f 20 76 69 61 20 74 68 65 20 6b 65 79 62 6f 61 72 64 2e 0a 20 2a 2f 0a 2e 65 6c 65 6d 65 6e 74 2d 69 6e 76 69 73 69 62 6c 65 2e 65 6c 65 6d 65 6e 74 2d 66 6f 63 75 73 61 62 6c 65 3a 61 63 74 69 76 65 2c 0a 2e 65 6c 65 6d 65 6e 74 2d 69 6e 76 69 73 69 62 6c 65 2e 65 6c 65 6d 65 6e 74 2d 66 6f 63 75 73 61 62 6c 65 3a 66 6f 63 75 73 20 7b 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20
                                                                                                                                                                                                                                                                                      Data Ascii: /** * The .element-focusable class extends the .element-invisible class to allow * the element to be focusable when navigated to via the keyboard. */.element-invisible.element-focusable:active,.element-invisible.element-focusable:focus { position:


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      5192.168.2.849731104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC614OUTGET /modules/system/system.menus.css?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC686INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:14 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                                                                                                      Content-Length: 2035
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:41 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183133
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EmTfQ2vHK091zld98UY1cp5Cgkdb0Mz4hyRC%2FiNCtiL237Xeu8rKdZBc9M24d36bpdTwEdfMREL5OPI77M9pRRu4skuH3EubhlYNorHKlYrZgmJXpL0PoeKpZlz3o7iLxrFK7vzRdzhTmaNAmw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165bfccbd32fc-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC683INData Raw: 0a 2f 2a 2a 0a 20 2a 20 40 66 69 6c 65 0a 20 2a 20 53 74 79 6c 65 73 20 66 6f 72 20 6d 65 6e 75 73 20 61 6e 64 20 6e 61 76 69 67 61 74 69 6f 6e 20 6d 61 72 6b 75 70 2e 0a 20 2a 2f 0a 0a 2f 2a 2a 0a 20 2a 20 4d 61 72 6b 75 70 20 67 65 6e 65 72 61 74 65 64 20 62 79 20 74 68 65 6d 65 5f 6d 65 6e 75 5f 74 72 65 65 28 29 2e 0a 20 2a 2f 0a 75 6c 2e 6d 65 6e 75 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 0a 20 20 6c 69 73 74 2d 73 74 79 6c 65 3a 20 6e 6f 6e 65 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 7d 0a 75 6c 2e 6d 65 6e 75 20 6c 69 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 30 20 30 2e 35 65 6d 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 7d 0a 75 6c 20 6c 69 2e 65 78 70 61 6e 64 65 64 20 7b 0a
                                                                                                                                                                                                                                                                                      Data Ascii: /** * @file * Styles for menus and navigation markup. *//** * Markup generated by theme_menu_tree(). */ul.menu { border: none; list-style: none; text-align: left; /* LTR */}ul.menu li { margin: 0 0 0 0.5em; /* LTR */}ul li.expanded {
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1352INData Raw: 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 63 63 63 3b 0a 7d 0a 0a 2f 2a 2a 0a 20 2a 20 4d 61 72 6b 75 70 20 67 65 6e 65 72 61 74 65 64 20 62 79 20 74 68 65 6d 65 5f 6c 69 6e 6b 73 28 29 2e 0a 20 2a 2f 0a 75 6c 2e 69 6e 6c 69 6e 65 2c 0a 75 6c 2e 6c 69 6e 6b 73 2e 69 6e 6c 69 6e 65 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 3b 0a 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 3b 0a 7d 0a 75 6c 2e 69 6e 6c 69 6e 65 20 6c 69 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 3b 0a 20 20 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 20 6e 6f 6e 65 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 20 30 2e 35 65 6d 3b 0a 7d 0a 0a 2f 2a 2a 0a 20 2a 20 4d 61 72 6b 75 70 20 67 65 6e 65 72 61 74 65 64 20 62 79 20 74 68 65 6d 65 5f 62 72
                                                                                                                                                                                                                                                                                      Data Ascii: background: #ccc;}/** * Markup generated by theme_links(). */ul.inline,ul.links.inline { display: inline; padding-left: 0;}ul.inline li { display: inline; list-style-type: none; padding: 0 0.5em;}/** * Markup generated by theme_br


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      6192.168.2.849730104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC617OUTGET /modules/system/system.messages.css?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC695INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:14 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                                                                                                      Content-Length: 961
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 14:53:27 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2188067
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jMQxKrmgzdQe%2BwReRFBtbbs4doloy8tM22FnW0o4GRkm%2F9zo22k9Iws91kBCG%2FegkAQSn5cZ%2BXgVxys9bn3ys%2F1sQPK83Jq2zke6R5eRLOw5lqAdK4Xt1FfZgt41ytKsn8430qIR%2BUF1ekaNrw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165bfc8aa5e64-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC674INData Raw: 0a 2f 2a 2a 0a 20 2a 20 40 66 69 6c 65 0a 20 2a 20 53 74 79 6c 65 73 20 66 6f 72 20 73 79 73 74 65 6d 20 6d 65 73 73 61 67 65 73 2e 0a 20 2a 2f 0a 0a 64 69 76 2e 6d 65 73 73 61 67 65 73 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 38 70 78 20 38 70 78 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 20 31 30 70 78 20 31 30 70 78 20 35 30 70 78 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 7d 0a 0a 64 69 76 2e 73 74 61 74 75 73 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20
                                                                                                                                                                                                                                                                                      Data Ascii: /** * @file * Styles for system messages. */div.messages { background-position: 8px 8px; /* LTR */ background-repeat: no-repeat; border: 1px solid; margin: 6px 0; padding: 10px 10px 10px 50px; /* LTR */}div.status { background-image:
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC287INData Raw: 6f 72 2e 70 6e 67 29 3b 0a 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 65 64 35 34 31 64 3b 0a 7d 0a 64 69 76 2e 65 72 72 6f 72 2c 0a 2e 65 72 72 6f 72 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 38 63 32 65 30 62 3b 0a 7d 0a 64 69 76 2e 65 72 72 6f 72 2c 0a 74 61 62 6c 65 20 74 72 2e 65 72 72 6f 72 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 65 66 35 66 31 3b 0a 7d 0a 64 69 76 2e 65 72 72 6f 72 20 70 2e 65 72 72 6f 72 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 7d 0a 0a 64 69 76 2e 6d 65 73 73 61 67 65 73 20 75 6c 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 30 20 31 65 6d 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 64 69 76 2e 6d 65 73 73 61 67 65 73 20 75 6c 20 6c
                                                                                                                                                                                                                                                                                      Data Ascii: or.png); border-color: #ed541d;}div.error,.error { color: #8c2e0b;}div.error,table tr.error { background-color: #fef5f1;}div.error p.error { color: #333;}div.messages ul { margin: 0 0 0 1em; /* LTR */ padding: 0;}div.messages ul l


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      7192.168.2.849732104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC614OUTGET /modules/system/system.theme.css?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC692INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:14 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                                                                                                      Content-Length: 3711
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 14:53:37 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2188057
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ql3p46ZZg9z7mqmQTKwi1iiUe8hV0MY5AnlRtIiqZggRYR6Tr%2FTW43nLY64h6DR5%2BSFoNvYjZvZHAqYHDrEzjXlat17lg74pDDs9k4TutoxoQ%2BlJdkMGI5IbrEPM%2FWOWcZpL3ZHg1r7yWIjw4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165bfce15c3fd-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC677INData Raw: 0a 2f 2a 2a 0a 20 2a 20 40 66 69 6c 65 0a 20 2a 20 42 61 73 69 63 20 73 74 79 6c 69 6e 67 20 66 6f 72 20 63 6f 6d 6d 6f 6e 20 6d 61 72 6b 75 70 2e 0a 20 2a 2f 0a 0a 2f 2a 2a 0a 20 2a 20 48 54 4d 4c 20 65 6c 65 6d 65 6e 74 73 2e 0a 20 2a 2f 0a 66 69 65 6c 64 73 65 74 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 65 6d 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 3b 0a 7d 0a 66 6f 72 6d 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 68 72 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 67 72 61 79 3b 0a 20 20 68 65 69 67 68 74 3a 20 31 70 78 3b 0a 7d 0a 69 6d 67 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 7d 0a 74 61 62 6c 65 20 7b 0a 20 20 62 6f 72 64 65 72
                                                                                                                                                                                                                                                                                      Data Ascii: /** * @file * Basic styling for common markup. *//** * HTML elements. */fieldset { margin-bottom: 1em; padding: 0.5em;}form { margin: 0; padding: 0;}hr { border: 1px solid gray; height: 1px;}img { border: 0;}table { border
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1369INData Raw: 65 6e 65 72 61 74 65 64 20 62 79 20 74 68 65 6d 65 5f 69 74 65 6d 5f 6c 69 73 74 28 29 2e 0a 20 2a 2f 0a 2e 69 74 65 6d 2d 6c 69 73 74 20 2e 74 69 74 6c 65 20 7b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 2e 69 74 65 6d 2d 6c 69 73 74 20 75 6c 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 30 2e 37 35 65 6d 20 30 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 2e 69 74 65 6d 2d 6c 69 73 74 20 75 6c 20 6c 69 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 30 2e 32 35 65 6d 20 31 2e 35 65 6d 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 2f 2a 2a 0a 20 2a 20 4d 61 72 6b 75 70 20 67 65 6e 65 72 61 74 65 64 20 62 79 20 46 6f 72 6d 20 41 50 49 2e 0a 20 2a 2f 0a 2e 66 6f 72 6d 2d
                                                                                                                                                                                                                                                                                      Data Ascii: enerated by theme_item_list(). */.item-list .title { font-weight: bold;}.item-list ul { margin: 0 0 0.75em 0; padding: 0;}.item-list ul li { margin: 0 0 0.25em 1.5em; /* LTR */ padding: 0;}/** * Markup generated by Form API. */.form-
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC1369INData Raw: 2f 68 65 6c 70 2e 70 6e 67 29 20 30 20 35 30 25 20 6e 6f 2d 72 65 70 65 61 74 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 20 20 70 61 64 64 69 6e 67 3a 20 31 70 78 20 30 20 31 70 78 20 32 30 70 78 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 7d 0a 0a 2f 2a 2a 0a 20 2a 20 4d 61 72 6b 75 70 20 67 65 6e 65 72 61 74 65 64 20 62 79 20 74 68 65 6d 65 5f 70 61 67 65 72 28 29 2e 0a 20 2a 2f 0a 2e 69 74 65 6d 2d 6c 69 73 74 20 2e 70 61 67 65 72 20 7b 0a 20 20 63 6c 65 61 72 3a 20 62 6f 74 68 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 69 74 65 6d 2d 6c 69 73 74 20 2e 70 61 67 65 72 20 6c 69 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 6e 6f 6e 65 3b 0a 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 3b 0a 20 20 6c 69
                                                                                                                                                                                                                                                                                      Data Ascii: /help.png) 0 50% no-repeat; /* LTR */ padding: 1px 0 1px 20px; /* LTR */}/** * Markup generated by theme_pager(). */.item-list .pager { clear: both; text-align: center;}.item-list .pager li { background-image: none; display: inline; li
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC296INData Raw: 0a 20 2a 0a 20 2a 20 40 73 65 65 20 70 72 6f 67 72 65 73 73 2e 6a 73 0a 20 2a 2f 0a 2e 70 72 6f 67 72 65 73 73 20 7b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 2e 70 72 6f 67 72 65 73 73 20 2e 62 61 72 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 63 63 63 3b 0a 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 36 36 36 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 20 30 2e 32 65 6d 3b 0a 20 20 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 33 70 78 3b 0a 20 20 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 33 70 78 3b 0a 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 33 70 78 3b 0a 7d 0a 2e 70 72 6f 67 72 65 73 73 20 2e 66 69 6c 6c 65 64 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a
                                                                                                                                                                                                                                                                                      Data Ascii: * * @see progress.js */.progress { font-weight: bold;}.progress .bar { background: #ccc; border-color: #666; margin: 0 0.2em; -moz-border-radius: 3px; -webkit-border-radius: 3px; border-radius: 3px;}.progress .filled { background:


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      8192.168.2.849734104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC610OUTGET /modules/comment/comment.css?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC688INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:14 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                                                                                                      Content-Length: 184
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 27 Oct 2024 05:22:26 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 926328
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ft88O8MY8kmgPgvpQWJvRVHfJnpF3mhjtf%2FN1s%2BxU0vg6vMhh2LjFBHxXldF2lOyfWlSfaeBGZzNowyJVRyo14xoWfA2nfjxStxYJPKimGvlFzHlN8uI9pRt9mOaF2GoZ%2BvnTRFRPlEjCBvZ2g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165bfcbbd8c6b-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC184INData Raw: 0a 23 63 6f 6d 6d 65 6e 74 73 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 35 70 78 3b 0a 7d 0a 2e 69 6e 64 65 6e 74 65 64 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 32 35 70 78 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 7d 0a 2e 63 6f 6d 6d 65 6e 74 2d 75 6e 70 75 62 6c 69 73 68 65 64 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 34 66 34 3b 0a 7d 0a 2e 63 6f 6d 6d 65 6e 74 2d 70 72 65 76 69 65 77 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 65 61 3b 0a 7d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: #comments { margin-top: 15px;}.indented { margin-left: 25px; /* LTR */}.comment-unpublished { background-color: #fff4f4;}.comment-preview { background-color: #ffffea;}


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      9192.168.2.849729104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC612OUTGET /modules/field/theme/field.css?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC701INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:14 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                                                                                                      Content-Length: 550
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 14:53:17 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2188077
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LHWUuh2KL1HarRW5xr9i%2FoinJUG%2BX%2BbJuZzIOhfjA71rAb%2B%2FcXQ%2BVnBK7NlWOAfDjsdduib7Sh%2BlLxF0Be2x6I4zsY3SFGy32XQ4%2BPI9wjio868jsV0SHFNs6cYIehdaOOD%2Fg4GKVuzUjubqhw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165bfce887d0b-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC550INData Raw: 0a 2f 2a 20 46 69 65 6c 64 20 64 69 73 70 6c 61 79 20 2a 2f 0a 2e 66 69 65 6c 64 20 2e 66 69 65 6c 64 2d 6c 61 62 65 6c 20 7b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 2e 66 69 65 6c 64 2d 6c 61 62 65 6c 2d 69 6e 6c 69 6e 65 20 2e 66 69 65 6c 64 2d 6c 61 62 65 6c 2c 0a 2e 66 69 65 6c 64 2d 6c 61 62 65 6c 2d 69 6e 6c 69 6e 65 20 2e 66 69 65 6c 64 2d 69 74 65 6d 73 20 7b 0a 20 20 66 6c 6f 61 74 3a 6c 65 66 74 3b 20 2f 2a 4c 54 52 2a 2f 0a 7d 0a 0a 2f 2a 20 46 6f 72 6d 20 64 69 73 70 6c 61 79 20 2a 2f 0a 66 6f 72 6d 20 2e 66 69 65 6c 64 2d 6d 75 6c 74 69 70 6c 65 2d 74 61 62 6c 65 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 7d 0a 66 6f 72 6d 20 2e 66 69 65 6c 64 2d 6d 75 6c 74 69 70 6c 65 2d 74 61 62 6c 65 20 74 68 2e 66 69
                                                                                                                                                                                                                                                                                      Data Ascii: /* Field display */.field .field-label { font-weight: bold;}.field-label-inline .field-label,.field-label-inline .field-items { float:left; /*LTR*/}/* Form display */form .field-multiple-table { margin: 0;}form .field-multiple-table th.fi


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      10192.168.2.849735142.250.186.78443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:14 UTC698OUTGET /vi/gMkjyUNksR4/0.jpg HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: img.youtube.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC646INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
                                                                                                                                                                                                                                                                                      Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
                                                                                                                                                                                                                                                                                      Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Content-Length: 18129
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      Server: sffe
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:14 GMT
                                                                                                                                                                                                                                                                                      Expires: Tue, 08 Oct 2024 00:41:14 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public, max-age=7200
                                                                                                                                                                                                                                                                                      ETag: "0"
                                                                                                                                                                                                                                                                                      Content-Type: image/jpeg
                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                      Age: 0
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC744INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 10 0b 0c 0e 0c 0a 10 0e 0d 0e 12 11 10 13 18 28 1a 18 16 16 18 31 23 25 1d 28 3a 33 3d 3c 39 33 38 37 40 48 5c 4e 40 44 57 45 37 38 50 6d 51 57 5f 62 67 68 67 3e 4d 71 79 70 64 78 5c 65 67 63 01 11 12 12 18 15 18 2f 1a 1a 2f 63 42 38 42 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 ff c0 00 11 08 01 68 01 e0 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 00 01 05 01 01 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 ff c4 00 4d 10 00 01 03 02 03 02 0b 04 06 07 07 03 02 07 00 00 01 00 02 03 04 11 05 12 21 13 31 14 15 41 51 53 54 61 91 92 a1 d1 16 22 52 71 06 32 62 81 b1 e1
                                                                                                                                                                                                                                                                                      Data Ascii: JFIF(1#%(:3=<9387@H\N@DWE78PmQW_bghg>Mqypdx\egc//cB8Bcccccccccccccccccccccccccccccccccccccccccccccccccch"M!1AQSTa"Rq2b
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: 9f 64 a0 2a 19 64 59 49 95 25 91 0c b2 2c 9f 64 59 03 2c 8b 27 d9 16 54 47 64 59 3e c8 b2 06 59 16 4f b2 4b 20 6a 4b 27 90 80 10 32 c8 b2 72 10 36 c9 2c 9d 64 a8 19 64 59 3f 95 16 40 cb 21 39 0a 06 59 16 4e 42 06 a1 3a c8 b2 06 d9 16 4e b2 2c 81 89 13 ec 8b 20 65 92 a5 b2 08 45 36 c8 b2 75 92 20 4b 22 c9 52 59 40 89 13 ac 8b 20 d1 a5 cb 13 f3 38 13 6d c0 1b 2d b9 7e 90 0a a7 88 85 3b 18 1e 40 da 48 6e 1b ce 6c 92 b7 0a 63 1f cc 35 2e fb 85 ff 00 92 a4 70 d9 8f f7 6c 69 07 76 67 b4 1d f6 1b cf 39 0b 94 4b ac c3 a5 38 05 39 80 4d 96 17 dc 5c b9 a3 25 fb 97 3b 8a d4 44 fa 88 e0 a7 67 e8 e9 c1 68 39 b3 5e e6 e7 55 0f 17 56 0b 7e 8c 16 9b 68 24 6e b7 36 1c bc e9 d2 61 f5 50 35 d2 e4 68 89 a2 e5 cd 90 5b 70 f5 5b ef 69 8c 99 4c 85 37 b4 de c4 58 f3 2d 7f a2 f2
                                                                                                                                                                                                                                                                                      Data Ascii: d*dYI%,dY,'TGdY>YOK jK'2r6,ddY?@!9YNB:N, eE6u K"RY@ 8m-~;@Hnlc5.plivg9K89M\%;Dgh9^UV~h$n6aP5h[p[iL7X-
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: 7b 4d 8b 5c d5 ea 97 58 5f 4a 30 c8 6a 69 0d 48 f7 6a 19 f5 4b 46 ae ec 5d 1c de 7f 3d 4d 51 73 72 dd bd a3 95 49 4a d9 24 24 17 1e 75 af 0e 09 5d 6f d3 51 54 1f 95 bd 51 2e 07 88 37 fb 8a 29 88 3b ef 60 55 18 e7 6a 5c 5a 35 e4 4b 15 13 de 6e e0 42 d2 6e 0d 8b 83 7e 01 2f dd 6f 55 7e 0a 2c 51 8c cb 25 04 a7 b7 45 75 18 dc 10 30 5f 70 0a ec 2e cf 4d 91 b7 12 34 68 56 8b f0 ca b7 c7 6e 07 28 3c ba 2a 4f c2 71 36 b8 ec e8 a6 b7 dd ea ae a6 1b 48 1e f8 88 3a 9b ef 2a 12 d1 4e 7f 49 35 de 79 15 d8 f0 dc 52 36 7f 83 97 e5 a7 aa aa ec 1b 14 cf 9b 8b e5 71 ed b7 aa ba 88 27 aa 86 21 7b dc 9e 65 55 f8 80 7b 43 5a c1 f3 56 e6 c0 b1 57 80 1b 87 4b e5 ea ab 9f a3 98 c7 26 1f 2f 78 f5 4d 31 9f 23 89 3f 59 34 59 69 0f a3 98 c7 fa 7c bd e3 d5 28 fa 3b 8c 75 09 7c bd 55
                                                                                                                                                                                                                                                                                      Data Ascii: {M\X_J0jiHjKF]=MQsrIJ$$u]oQTQ.7);`Uj\Z5KnBn~/oU~,Q%Eu0_p.M4hVn(<*Oq6H:*NI5yR6q'!{eU{CZVWK&/xM1#?Y4Yi|(;u|U
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: 37 c7 f9 20 df e1 85 2f 0c 72 e7 f8 dd dd 03 7c 7f 92 38 dd dd 03 7c 7f 92 0d fe 18 e4 70 c7 2c 1e 36 77 40 df 1f e4 8e 36 77 40 df 1f e4 83 7f 86 3b 9d 1c 31 cb 03 8d 9d d0 37 c7 f9 23 8d 9d d0 37 c7 f9 20 df e1 8e 47 0c 72 c0 e3 67 74 0d f1 fe 48 e3 67 74 0d f1 fe 48 37 f8 63 91 c3 0a c0 e3 67 74 0d f1 fe 48 e3 67 74 0d f1 fe 48 37 f8 61 49 c3 0a c1 e3 67 74 0d f1 fe 48 e3 67 74 0d f1 fe 48 37 f8 63 92 1a c7 73 ac 1e 36 77 40 df 1f e4 8e 36 77 42 df 1f e4 83 7b 86 3b b5 57 92 a6 c0 48 75 2e 24 13 6b db 98 2c 9e 35 77 42 df 1f e4 91 b8 ab da ec cd 88 03 d9 27 e4 b3 68 9b 46 44 e0 da 13 3e 38 c0 b9 60 78 06 db b2 dc ea 9a d9 73 d4 6c 43 2d ef 5b 46 ee 1c f7 59 0e c5 de f2 4b a2 04 9e 77 fe 49 5b 8c 48 c6 e5 6b 2c 39 b6 87 d1 49 ac ce 79 1a ee a9 73 9a 73
                                                                                                                                                                                                                                                                                      Data Ascii: 7 /r|8|p,6w@6w@;17#7 GrgtHgtH7cgtHgtH7aIgtHgtH7cs6w@6wB{;WHu.$k,5wB'hFD>8`xslC-[FYKwI[Hk,9Iyss
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: 8d 6c a0 92 b2 df 50 2a d2 54 bd e7 52 9a ab 8f 95 8d dd aa 81 d5 1c ca b1 90 94 dc ea 68 f4 29 69 e3 68 d5 54 31 17 dc 31 a4 5f 95 6d 98 1a 75 df f3 51 d4 3c d3 53 39 c0 b8 6b ae 5e 6b 2f 99 c7 4e d3 8f a1 7b f5 8d 86 30 6e c8 80 e1 21 b6 e2 01 53 70 90 c9 4b 8b 0d ed b9 dc aa cb 29 9b 50 f1 23 fd f0 45 c1 29 92 51 bd ef 3b 83 4a b7 ac 57 d1 4b cd bd 9c 2b e0 ca 2c cd 1c 77 5b 72 77 f6 67 10 df ab da 0a ae 69 5b 16 99 6e b2 b1 89 df 04 2d 8e 2d 24 95 e1 8d 3c d7 5c e2 35 b9 9c 86 96 21 88 61 54 ce c9 2c ad 73 86 f6 8d 55 48 6a 69 2a 99 19 a5 73 7d d9 5b 76 83 ae fe 65 1c 91 43 85 52 c6 ca 68 1b 35 5c ba 0b 8b b9 d6 d4 9f 92 1f 49 47 51 35 0e 25 4a c6 c6 e3 23 6f 93 4c c0 ef 04 29 4e 6a cd a3 ea 59 b4 4e 4c 39 ac 5e e3 19 aa 3c d2 95 97 c2 08 5b 18 b4 64
                                                                                                                                                                                                                                                                                      Data Ascii: lP*TRh)ihT11_muQ<S9k^k/N{0n!SpK)P#E)Q;JWK+,w[rwgi[n--$<\5!aT,sUHji*s}[veCRh5\IGQ5%J#oL)NjYNL9^<[d
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: 5d ad 1c 64 9e 52 4f aa c8 e3 59 3a 47 77 ad aa 49 cc b0 46 e7 1d 4b 7d 15 e3 e6 af 27 8a a5 f8 e6 9e d1 1c 0b 07 06 c6 92 1b fc cf aa 38 8f 06 ea 90 f7 9f 55 14 4e 6c 95 b3 b5 e7 46 9e 75 25 53 62 8e 9d ef 63 bd e0 2e 35 5d 3b 78 d6 73 ce 1d c4 18 41 17 14 51 11 d9 7f 54 ff 00 67 b0 8e a5 1f 79 f5 45 04 b9 a9 18 79 f5 56 1f 3d b4 0a c4 ec 6a 67 9c 57 f6 7b 08 ea 51 f7 9f 54 7b 3d 84 75 28 fb cf aa 90 cd ce 53 d9 29 bd b9 12 27 49 84 1e ce e1 1d 46 3e f3 ea 8f 67 70 8e a3 1f 79 f5 57 04 9a 23 68 b5 88 a7 ec ee 11 d4 63 ef 3e a8 f6 77 08 ea 31 f7 9f 55 73 68 8d a2 60 a7 ec ee 11 d4 63 ef 3e a8 f6 77 08 ea 31 f7 9f 55 73 68 8d a2 60 a7 ec ee 11 d4 63 ef 3e a8 f6 77 08 ea 31 f7 9f 55 73 68 8d a2 60 a7 ec ee 11 d4 63 ef 3e a8 f6 77 08 ea 31 f7 9f 55 73 68 8d
                                                                                                                                                                                                                                                                                      Data Ascii: ]dROY:GwIFK}'8UNlFu%Sbc.5];xsAQTgyEyV=jgW{QT{=u(S)'IF>gpyW#hc>w1Ush`c>w1Ush`c>w1Ush`c>w1Ush
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: 0b 74 26 06 51 39 f2 c5 9d c6 67 80 00 b9 3e f2 94 cf 4d 93 30 a3 76 62 6c d6 96 8d 7b ae a8 c5 2e ce 90 f6 4e e3 e6 56 15 24 d5 b0 b4 31 d4 ed 2d cd ad c8 ef e7 5d a6 71 c6 77 3c 3b 0a 73 4d 2b 5d 9a 9d ac 73 4d 9c d2 37 29 84 54 a4 9f d0 34 7d cb 1f 0b 98 ec 1e e7 02 1c 4e b7 f9 29 cc ef 12 38 81 a1 29 59 9c f2 b1 fe b4 44 54 a7 fc 86 83 f2 40 8e 97 a0 6f 72 a5 14 e6 fa e8 a3 7c ee cf 71 cd 65 a2 5a 02 3a 52 7f b8 60 be ed 13 9d 05 33 7f c9 69 f9 05 42 39 c9 70 be 8a 47 d4 68 90 b3 fe 2d 6c e9 7a 16 8f 98 40 8a 92 c4 ec 99 a7 62 cd 6c ef 02 c4 29 59 35 a3 28 8b bb 3a 5e 80 0f b9 28 86 94 9b 6c 5b 7f 92 cc 33 bf 3b b4 b8 25 4d 14 e6 e4 9d e8 2f 70 6a 6e 89 9d c8 e0 d4 dd 13 3b 95 5e 11 da 97 84 2a 2c f0 6a 6e 89 9d c8 e0 d4 dd 13 3b 95 6e 10 8e 10 82 cf
                                                                                                                                                                                                                                                                                      Data Ascii: t&Q9g>M0vbl{.NV$1-]qw<;sM+]sM7)T4}N)8)YDT@or|qeZ:R`3iB9pGh-lz@bl)Y5(:^(l[3;%M/pjn;^*,jn;n
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: fd 52 71 ed 47 47 1f 9f aa ea a7 d8 c5 19 7e c5 a4 dc 0b 91 7e f4 c3 35 33 59 1b 9f 0b 46 d3 77 ba 17 48 b7 9c fd a6 39 8e 3d a8 e8 d9 e7 ea 93 8f 6a 3a 38 fc fd 57 4c 6a 68 47 ea b3 93 f5 39 ff 00 f0 a4 85 d4 93 82 62 63 1d 6d fe ee e5 a4 72 bc 79 3f 47 1f 9f aa 38 f2 7e 8e 3f 3f 55 d7 6c a1 e8 99 e1 46 ce 1e 89 9d c8 39 1e 3c a8 e8 e3 f3 f5 47 1e 54 74 71 f9 fa ae bf 67 0f 44 cf 08 46 ce 1e 89 9e 10 8a e4 38 f2 7e 8a 3f 3f 54 71 e5 47 47 1f 9f aa eb f6 70 f4 4c f0 84 6c e1 e8 99 e1 08 63 90 e3 ca 8e 8e 3f 3f 54 71 e5 47 47 1f 9f aa eb f2 43 d1 33 c2 12 6c e1 e8 99 e1 08 63 91 e3 c9 fa 38 fc fd 51 c7 93 f4 71 f9 fa ae bb 67 0f 44 cf 08 46 ce 1e 89 9d c8 39 1e 3c 9f a3 8f cf d5 1c 79 3f 47 1f 9f aa eb b6 70 f4 4c ee 09 76 70 f4 4c f0 84 47 1c fc 66 59 18
                                                                                                                                                                                                                                                                                      Data Ascii: RqGG~~53YFwH9=j:8WLjhG9bcmry?G8~??UlF9<GTtqgDF8~??TqGGpLlc??TqGGC3lc8QqgDF9<y?GpLvpLGfY
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: db 13 cd 33 e1 43 10 ff 00 1d 37 fb cf e2 ab ab 18 87 f8 e9 bf de 7f 15 5d 7a 5c 42 10 84 02 10 84 02 10 84 02 10 84 02 10 84 02 10 84 02 10 84 02 10 84 02 10 84 02 1d bc 7f 5c 88 48 ed ed 41 76 9a 82 17 d2 89 64 99 ec 19 83 05 b3 3b 5b 7c d4 7c 15 b9 cb 06 62 43 8b 7e b9 d6 df 7a 7d 33 ab 99 10 10 02 1b a1 21 ba eb dc 98 0d 40 24 8b 0b 9b 9f 7f 95 72 99 f0 d9 78 1f be 1b 95 e0 9d de f9 f5 4b c0 ee 2f 67 7f c8 7d 53 49 a8 3a 9b 5f fd e9 41 a9 1c a3 5f b6 a6 98 53 44 47 ea bf c6 7d 52 36 90 3b ea e6 3f fc c3 ea 8c d5 3c ff 00 c6 90 6d c1 b8 b0 3f ef 4d 30 c7 42 c0 6c 73 dc 7d b3 ea 8d 94 7f 6f c6 7d 52 96 4c 4d cb 5a 49 fb 48 d9 cb f0 b7 c4 a6 ae 13 65 1f db f1 9f 54 6c a3 fb 7e 33 ea 97 67 2f c2 df 12 36 72 fc 2d f1 26 a6 13 65 1f db f1 9f 54 6c a3 fb 7e
                                                                                                                                                                                                                                                                                      Data Ascii: 3C7]z\B\HAvd;[||bC~z}3!@$rxK/g}SI:_A_SDG}R6;?<m?M0Bls}o}RLMZIHeTl~3g/6r-&eTl~
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: 3e 36 ba 2c e5 b1 87 17 30 b4 66 dc 35 06 f6 b1 be e5 a2 21 71 24 bf 57 13 73 64 a2 11 cc b3 aa a8 26 71 66 57 53 44 46 6c c4 02 00 23 35 ed f5 79 80 09 f1 3c c9 5f 4e e3 0b 23 fd 2b 6d 96 da 0e 6d df d7 e1 68 53 f6 20 43 96 78 0f ed 1b f8 ad 45 a5 99 85 0c 40 5f 10 94 73 bc fe 29 cc c3 6a 64 6e 68 e3 91 ed e7 6c 64 84 ea d8 e4 76 21 23 9a c7 11 b4 3a 81 da b7 b0 d6 48 ea 28 da dc cd 75 89 b6 eb fb c7 9d 75 73 60 f1 4d 67 57 9f fe 27 23 8a ab 3a bc ff 00 f1 39 74 b5 32 54 d1 d1 4d 50 5c e1 b3 69 76 92 0b 9f 25 72 26 cb 51 4b 1b f3 bd c1 ed 0e 17 37 df f7 26 4f ac 4e d1 f6 e2 24 a5 7c 4e cb 2e 66 3b 99 cd 20 a6 88 2f b9 e3 b9 74 18 ed 19 6d 18 90 c6 ec ec 75 9b 62 35 07 e4 16 14 71 cb 7f ee df e1 2a e1 d9 03 86 57 96 f3 24 53 49 04 c6 57 5a 29 0e ed cd 3c
                                                                                                                                                                                                                                                                                      Data Ascii: >6,0f5!q$Wsd&qfWSDFl#5y<_N#+mmhS CxE@_s)jdnhldv!#:H(uus`MgW'#:9t2TMP\iv%r&QK7&ON$|N.f; /tmub5q*W$SIWZ)<


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      11192.168.2.849742142.250.186.78443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC698OUTGET /vi/vx4aQB92rWE/0.jpg HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: img.youtube.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC647INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Content-Type: image/jpeg
                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
                                                                                                                                                                                                                                                                                      Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
                                                                                                                                                                                                                                                                                      Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Content-Length: 24700
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:15 GMT
                                                                                                                                                                                                                                                                                      Expires: Tue, 08 Oct 2024 00:41:15 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public, max-age=7200
                                                                                                                                                                                                                                                                                      ETag: "1357148093"
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      Server: sffe
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC743INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 05 03 04 08 07 08 08 08 07 08 09 05 08 06 07 07 07 07 07 07 08 07 07 07 08 07 07 07 07 07 07 07 07 07 07 0a 10 0b 07 08 0e 09 07 07 0c 15 0c 0e 11 11 13 13 13 07 0b 16 18 16 12 18 10 12 13 12 01 05 05 05 08 07 08 0d 08 08 0f 12 0d 0c 0c 14 14 14 14 14 14 12 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c0 00 11 08 01 68 01 e0 03 01 22 00 02 11 01 03 11 01 ff c4 00 1d 00 00 01 05 01 01 01 01 00 00 00 00 00 00 00 00 00 00 02 03 04 05 06 07 08 01 09 ff c4 00 5d 10 00 01 03 02 01 05 08 0d 05 0d 05 06 04 07 01 00 03 00 02 04 05 12 13 01 06 14 22 23 07 15 32 33 43 52 54 92 11 17 24 34 42 53 62 63 73 74
                                                                                                                                                                                                                                                                                      Data Ascii: JFIFh"]"#23CRT$4BSbcst
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: 16 20 42 12 ec 45 88 10 8b 12 ec 4b 40 cd 89 09 eb 11 62 06 50 9e b1 16 22 06 50 9e b1 16 22 66 50 9e b1 16 20 65 09 76 22 c4 08 42 5d 88 b1 02 10 97 62 42 04 21 2d 08 10 84 b4 20 42 12 d0 81 08 42 10 49 80 6c 02 8c b6 df 82 f0 91 77 1a 96 ed 8d a9 90 71 87 04 71 74 92 04 1a 64 d7 e2 88 1d 20 fa 3a e3 14 18 3a 51 9a 2b b0 1b 61 88 47 d9 8b b2 8c 0d 22 47 f9 75 71 1b 32 a7 9e d7 45 1b 4c 13 71 2f 21 81 1b 10 7c 86 c2 49 d7 be 23 d4 2f dc 8a 0b a3 36 4b 9b 16 73 9e 3c 47 c9 0f 70 62 7f f4 c5 e7 9d db ab 11 a4 ca 8f 06 03 5d a2 d1 80 68 83 7e 36 95 89 b7 d2 7b e1 54 fc c9 ab f6 1a dc 0c 46 bc 98 76 32 48 0b fb 74 8a 96 61 d4 62 b0 85 73 06 40 81 98 84 33 24 03 0b 88 8f 23 f7 85 67 9a ba 70 c2 73 78 ca ae a7 f2 5a ce 18 d4 bc e4 8a 79 6f c0 19 80 68 97 f8 b3
                                                                                                                                                                                                                                                                                      Data Ascii: BEK@bP"P"fP ev"B]bB!- BBIlwqqtd ::Q+aG"Guq2ELq/!|I#/6Ks<Gpb]h~6{TFv2Htabs@3$#gpsxZyoh
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: 7b 17 a0 33 cf 36 0b 24 6e 6c 40 61 fe 5a e6 af dc d2 b1 d9 ef 66 fb 60 2e bf 4e be 72 87 e6 72 3a ad 14 c6 7f 85 85 b1 22 c5 ba ed 63 58 e8 cd f6 c0 47 6b 1a c7 46 6f b6 02 e8 e6 e6 30 b6 21 6d fb 58 d6 3a 33 7d b0 11 da c2 b5 d1 5b ef 20 53 e4 18 54 2d cf 6a ea d7 46 6f bc 81 23 b5 75 6b a3 37 db 01 43 31 89 42 db 76 ae ad 74 66 fb c8 12 0f b9 75 69 99 1c ed 15 af b3 98 60 26 63 12 8b 13 cf 66 56 e5 73 5d b3 73 12 14 de 19 45 89 e4 84 08 b1 21 3c 84 0c a1 2e c4 2a c7 66 cd 3a 25 3e 31 83 74 60 bf 03 04 98 cf e3 57 7a a3 06 9b 27 23 44 31 36 e7 f1 9b 63 ff 00 1d 70 f1 c6 73 f2 ea ab 3a 6b 25 c6 73 5e 3c ba ca 9e 7c 13 b2 8c dd b6 b5 9b d1 60 b6 fc 21 f5 ce b9 7e 7f b2 9f 25 8e ba 30 4e ef 2f 6a 98 a9 56 ea 12 5b 86 67 aa 33 d3 4e e4 86 ea 78 1e 56 19 f6
                                                                                                                                                                                                                                                                                      Data Ascii: {36$nl@aZf`.Nrr:"cXGkFo0!mX:3}[ ST-jFo#uk7C1Bvtfui`&cfVs]sE!<.*f:%>1t`Wz'#D16cps:k%s^<|`!~%0N/jV[g3NxV
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: 68 f7 9d cf cb 6c 6a 84 73 93 93 0d eb 8e 67 bc f7 3e a1 14 07 6e b0 65 07 11 8f f4 eb a0 66 7d 1a 16 f8 0c 9b fb 06 53 98 4b c7 1a 29 b6 a4 f3 1d d2 b9 16 ea 35 57 97 39 f6 cc d1 49 a7 6d 03 e2 d6 1e 9d d4 35 ba de 2d 64 82 ea a7 3d ce 29 2e 77 28 9b 1b ca fc 97 35 a4 27 d4 62 a3 a9 49 da 93 d2 2e 86 4c e1 14 30 84 4d 28 e2 ec 03 a9 7e 12 ef f8 26 ce 5e 7f 16 6e a1 d2 2f 3f 8b 37 50 ea e7 e7 9b 3a 50 fd b2 3e 7b 0b a6 0f db 29 f1 cc 53 5e 7f 16 6e a1 d1 79 79 86 ea 1d 5c fc f6 17 4c 1f b6 47 cf 61 74 c1 fb 64 e2 14 b7 97 c5 93 a8 74 8d 3b ca 5a 7a 6e 79 81 ee 6b 74 a0 be ff 00 03 19 73 ca ec cb 6a 13 18 dd 9b 59 28 ca b1 75 a6 79 48 d3 3c a5 bc cd 7c f6 cd 88 fb de 59 71 48 79 94 f0 04 67 92 c0 ec 89 fa 3e 3f 74 fe 79 59 d5 b3 cf 34 c5 94 ce 1c 57 3d b5
                                                                                                                                                                                                                                                                                      Data Ascii: hljsg>nef}SK)5W9Im5-d=).w(5'bI.L0M(~&^n/?7P:P>{)S^nyy\LGatdt;ZznyktsjY(uyH<|YqHyg>?tyY4W=
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: 62 58 c6 2a e7 3c 1a b6 9b 49 ee 3d 8c 93 27 b1 dc 17 b4 8a 36 e8 4f bb 7b fd 01 be 3a d5 67 46 61 d3 c1 14 85 8d 30 84 20 7c 07 b3 09 62 ea d7 14 74 fb bc 00 9b e3 a4 27 99 bb da cf 6d 3e f4 2b 1c 8b 1c ad c7 01 c8 d0 1c ac 65 19 a0 f6 b2 53 5c 47 34 6d c3 37 0d 6e 62 55 70 1d 78 24 b4 04 e7 b2 48 04 b0 da 03 91 a0 3b ca 41 d8 0f 9f 20 95 4d 24 39 ee 1c a3 33 bc 64 e3 03 14 6a a0 19 da 56 6b 0c f1 c6 ee 7e c3 15 73 6d 01 de 52 34 07 79 48 3a 98 33 e4 ec 6b 9b 8f 15 fb 3d 9b de f0 6c f6 1a 37 73 fe 8e 91 f3 e6 56 b7 75 07 5f cb 02 e5 fa 03 bc a4 68 0e f2 90 74 69 f9 ce f9 2d b0 d2 43 6d 98 76 5e 0f 1f a4 ff 00 98 59 5a c9 9a f9 50 6d 7b 5f 61 0d 89 63 f1 55 1e 80 ef 29 4a a4 c3 b4 e1 77 9c 41 f2 a4 cd bc 8f 4c 6f 8e a3 58 a6 d4 99 b7 91 e9 8d f1 d3 16 2d
                                                                                                                                                                                                                                                                                      Data Ascii: bX*<I='6O{:gFa0 |bt'm>+eS\G4m7nbUpx$H;A M$93djVk~smR4yH:3k=l7sVu_hti-Cmv^YZPm{_acU)JwALoX-
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: e2 fe da 34 08 de 2f ed a6 f4 94 69 28 1c d0 e3 73 3e da 0f 0c 4d c9 73 59 ad f5 d3 7a 4a 08 6b 90 66 67 f1 f2 3d 39 be 3a 66 c5 32 7b 36 c6 f4 e6 f8 e9 9b 15 cc 48 b6 22 c5 2a c4 8b 15 82 2d 89 0a 55 88 7b 10 42 7b 12 2c 52 6c 48 b1 13 7b 4f e4 9f c4 54 3d 20 7f 78 5d 8e ad 0f 48 13 85 d9 b2 ff 00 0e ce 02 e3 ff 00 25 76 5a 0a 87 a4 89 fb ca ed b9 56 1d 61 97 64 da 99 f8 94 06 b0 12 40 e2 38 d9 26 63 31 e5 b7 6b 84 70 76 14 12 e6 50 b2 99 c5 6c 99 43 bd 81 1d 8c 37 25 1d 6b 90 95 c2 15 47 18 27 39 65 ee 62 89 b9 e4 7c ad c8 d7 1c cf b1 e1 23 2f c2 fa 3a b1 cd 8c d4 1d 38 8e 7b 0e 69 57 b3 0f 6d 97 13 97 d2 16 91 0a c4 02 cf 6e 83 f7 b6 67 aa 9b e0 2d 0a cf e7 f7 de d9 9e a8 6f 80 83 c0 dc 17 76 54 9b 2d f0 bd 1a 46 af 84 e4 b1 99 ad f0 94 27 00 86 32 df
                                                                                                                                                                                                                                                                                      Data Ascii: 4/i(s>MsYzJkfg=9:f2{6H"*-U{B{,RlH{OT= x]H%vZVad@8&c1kpvPlC7%kG'9eb|#/:8{iWmng-ovT-F'2
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: f9 65 9b 24 92 b4 8e 73 6d 7b 5e bc a2 c9 ca 1d e9 43 3f 9a 51 e3 31 be 0b 56 81 99 87 52 73 6f 6d 3c 96 bd 98 9c 30 71 2b 2a 43 39 d6 fa 45 bd ae e7 3c 96 ca 8e 58 ce 0b db bd d1 00 4d 70 71 cb dc f1 5b 35 4d 67 34 b4 58 a3 92 eb 6d 38 f1 01 e7 16 32 ad 03 1e d7 01 b8 64 66 d0 76 2e 87 5d ad b6 4c 43 39 cc 18 0c 6c 11 d8 19 38 a2 1a c1 53 4c e6 e5 4a 2c 9b 4e eb 87 2f c4 8c 49 e5 76 5d bd 3c 6f 27 28 f6 1b 0b 11 45 7d 4a dc b6 ef 6b 7d e5 59 b1 ef e0 ba d4 78 6d 57 32 ab f4 d7 7f 66 37 de 52 0f 3e cf f9 6b 7d b7 f2 15 99 1e eb 9d aa d2 37 11 12 ee 72 0a 8d f5 c9 fd 98 df 6d fc 84 6f ae 4f ec c6 fb 6f e4 29 b6 39 16 39 04 2d f5 c9 fd 98 df 6d fc 84 6f ae 4f ec c6 fb 6f e4 29 b6 39 16 39 04 2d f5 c9 fd 98 df 6d fc 84 6f ae 4f ec c6 fb 6f e4 29 b6 39 16 39
                                                                                                                                                                                                                                                                                      Data Ascii: e$sm{^C?Q1VRsom<0q+*C9E<XMpq[5Mg4Xm82dfv.]LC9l8SLJ,N/Iv]<o'(E}Jk}YxmW2f7R>k}7rmoOo)99-moOo)99-moOo)99
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: ff 00 a7 48 de 1a 0e af fb 61 d7 72 9a 9e 61 06 0b 43 7f 8c 6f 51 1a 1b fc 63 7a 8b 5a 08 d4 c6 10 8d 71 71 86 c2 70 de 6c 22 e0 e0 7d 1f 46 ef 94 81 d2 a9 8e 73 bb b0 83 1b 30 75 df 81 f4 94 19 5d 0d fc ff 00 b0 8d 0d fc ff 00 b0 b6 1b d5 47 6e 51 dd 50 71 ef e3 2c e2 93 84 a6 d1 5d 88 46 ce 20 db 79 b5 36 1b 34 18 bd 0d fc ff 00 b0 8d 0d fc ff 00 b0 b5 bb d5 48 6e 47 39 d5 27 6b f1 76 33 fc c2 7e 99 9b d0 4a 10 b8 d2 b0 cc 6c 6c 36 31 e0 da 74 74 18 bd 0d fc ff 00 b0 8d 0d fc ff 00 b0 a5 4f 63 04 63 30 6e c4 1b 08 61 8d fe 31 33 8d 91 03 7a 1b f9 ff 00 61 7d d0 f2 f3 db d4 4b c6 c8 8b fe e3 90 6d 81 b9 15 4d e2 19 5b 26 1d a6 00 4e 3e 3f f8 0b 04 48 d9 5a 47 09 ce 6d cc 39 86 47 af 46 82 30 1c c8 33 1d a4 63 46 82 10 0d ec 92 7c 2e 23 a3 af 3a d4 df dd
                                                                                                                                                                                                                                                                                      Data Ascii: HaraCoQczZqqpl"}Fs0u]GnQPq,]F y64HnG9'kv3~Jll61ttOcc0na13za}KmM[&N>?HZGm9GF03cF|.#:
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: ce ce 1a 7b c6 e6 36 9a 41 de 3c 41 be c0 7d 18 1a 37 e9 28 97 5b 11 46 36 12 9e 47 ec 38 78 3f 4b fa 42 0c 42 16 b4 95 ea 63 dd 7b a9 f7 b9 e4 0e 27 11 84 96 0c e4 a7 b3 2b b0 e2 38 2d c3 e0 31 9c b7 fd ba 0c 7a 07 fb 35 aa 9f 5b a6 3c 76 0e 9d 86 eb 30 c8 6e 55 67 1f 85 d8 d9 e2 5d e5 a0 f4 18 3b c2 3f a0 fd 82 f3 ad 4b be 24 7a f4 bf de 57 a2 81 de 11 fd 07 ec 17 9d 6a 5d f1 23 d7 a5 fe f2 83 7b 9a 79 bc 29 50 63 c9 c0 91 29 c7 9d a2 13 04 c0 16 18 7c 7a af a2 d1 05 24 6e 73 a5 0c 04 c7 c3 c1 7e 06 2e 0a 85 41 a0 d4 0e 16 be 33 c8 30 bc 96 0e c3 00 5b 65 09 94 43 bd ae 7b 5a 42 35 9c 63 ec 41 aa 7e 69 09 b6 bd d5 01 e0 bc 98 7a 8c c5 fd ba 85 02 82 29 21 1b f4 a6 81 cf 1e d2 fc 0f f2 eb 3e 3a 39 5d 91 d6 b4 d6 b3 68 4d 8a 64 14 d7 95 ed 60 f1 08 e7 f1
                                                                                                                                                                                                                                                                                      Data Ascii: {6A<A}7([F6G8x?KBBc{'+8-1z5[<v0nUg];?K$zWj]#{y)Pc)|z$ns~.A30[eC{ZB5cA~iz)!>:9]hMd`
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1390INData Raw: e7 84 ee 63 7d 92 6f b8 59 2c 6d 6b f1 e3 b3 18 64 7b f9 45 2a bb 26 9b 82 ed 19 ad c6 fc fa 0c e4 f9 25 39 1c 52 31 d7 3f 98 c4 c6 b7 31 dd 44 bc 6f 25 39 8c 81 8d 6e 63 ba 88 d6 e6 3b a8 97 8c 8c 6c a8 11 ad cc 77 51 1a dc c7 75 12 f1 b2 a3 1b 2a 04 6b 73 1d d4 46 b7 31 dd 44 bc 6c a8 c6 ca 81 1a dc c7 75 11 ad cc 77 51 2f 1b 2a 31 b2 a0 46 b7 31 dd 44 6b 73 1d d4 4b c6 ca 8c 6c a8 3a 1f c9 de ed f6 35 cd ff 00 97 1b e3 c6 5a 7f 94 5f 79 45 f5 e0 ac e7 c9 ed f7 55 8d fd dc 6f 8f 19 68 fe 51 7d e5 17 d7 82 83 84 be 7e d4 cd f3 e6 f8 e8 7c 97 24 11 8c c5 37 a7 37 c7 53 06 c6 28 20 a9 3d cf c8 ab 09 47 73 96 99 ef 6a 64 e6 1a 98 cc 6f 22 94 3a 3b 79 aa c0 f3 18 df 09 30 4a 93 7b 08 19 de a6 b5 1a 1b 52 1f 55 4c ef 92 0f 5a fc 8a bb d6 ab eb 61 5d ea ad 4d
                                                                                                                                                                                                                                                                                      Data Ascii: c}oY,mkd{E*&%9R1?1Do%9nc;lwQu*ksF1DluwQ/*1F1DksKl:5Z_yEUohQ}~|$77S( =Gsjdo":;y0J{RULZa]M


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      12192.168.2.849743104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC604OUTGET /modules/node/node.css?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC692INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:15 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                                                                                                      Content-Length: 144
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 15:53:40 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 283655
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UQlORExsESUB4vFCqfev1mFypc9m8cwS3OzmzNzMJi3eB2qXWyFeF838pggZ8zlgglofXW0fOQUyM%2B%2BjqX0Sj%2FXHwQp4MrUOK4acPa7cAbrUpFLoWI%2BAwuPEvyJdsCtOmV3Sa%2FwpyvFv5XZU0A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165c68c144334-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC144INData Raw: 0a 2e 6e 6f 64 65 2d 75 6e 70 75 62 6c 69 73 68 65 64 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 34 66 34 3b 0a 7d 0a 2e 70 72 65 76 69 65 77 20 2e 6e 6f 64 65 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 65 61 3b 0a 7d 0a 74 64 2e 72 65 76 69 73 69 6f 6e 2d 63 75 72 72 65 6e 74 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 63 3b 0a 7d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: .node-unpublished { background-color: #fff4f4;}.preview .node { background-color: #ffffea;}td.revision-current { background: #ffc;}


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      13192.168.2.849744104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC608OUTGET /modules/search/search.css?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC691INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:15 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                                                                                                      Content-Length: 564
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:41 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183134
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xx%2F08izAY4gICvmRL80Mf88PGFvlPFFO6hQXsAUppzVPksZi2Tk9BAShBHbfZUfWFS6U%2BJu0I%2ByxpSVLS1we1t2JSBM1Kf8Qht%2FwcJaLCZQ0aDQflWmdtgaN26sA2mw0oiUAHNPvz9UqjeaByw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165c689119e05-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC564INData Raw: 0a 2e 73 65 61 72 63 68 2d 66 6f 72 6d 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 65 6d 3b 0a 7d 0a 2e 73 65 61 72 63 68 2d 66 6f 72 6d 20 69 6e 70 75 74 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 3b 0a 7d 0a 2e 73 65 61 72 63 68 2d 72 65 73 75 6c 74 73 20 7b 0a 20 20 6c 69 73 74 2d 73 74 79 6c 65 3a 20 6e 6f 6e 65 3b 0a 7d 0a 2e 73 65 61 72 63 68 2d 72 65 73 75 6c 74 73 20 70 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 3b 0a 7d 0a 2e 73 65 61 72 63 68 2d 72 65 73 75 6c 74 73 20 2e 74 69 74 6c 65 20 7b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 32 65 6d 3b 0a 7d 0a 2e 73 65 61 72 63 68 2d 72 65 73 75 6c 74 73 20 6c 69 20 7b 0a 20 20 6d 61 72 67 69 6e
                                                                                                                                                                                                                                                                                      Data Ascii: .search-form { margin-bottom: 1em;}.search-form input { margin-top: 0; margin-bottom: 0;}.search-results { list-style: none;}.search-results p { margin-top: 0;}.search-results .title { font-size: 1.2em;}.search-results li { margin


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      14192.168.2.849745104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC604OUTGET /modules/user/user.css?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC682INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:15 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                                                                                                      Content-Length: 1827
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Wed, 06 Nov 2024 22:41:15 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BnrNCIhbQ99miJosKFANFddn%2BeuHI5Y%2BIUMukGKW2P2augjzPmZL5D2UEI0jAmcKXlqlqQuQAp4EmfW7KOcynIH6T1CoHOENPb7PDoDhgQKy7J6BqIftPoTXWOikCcvOBQXGff%2Ba8VZ5%2FxGC3g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165c68c08436c-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC687INData Raw: 0a 23 70 65 72 6d 69 73 73 69 6f 6e 73 20 74 64 2e 6d 6f 64 75 6c 65 20 7b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 23 70 65 72 6d 69 73 73 69 6f 6e 73 20 74 64 2e 70 65 72 6d 69 73 73 69 6f 6e 20 7b 0a 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 2e 35 65 6d 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 7d 0a 23 70 65 72 6d 69 73 73 69 6f 6e 73 20 74 72 2e 6f 64 64 20 2e 66 6f 72 6d 2d 69 74 65 6d 2c 0a 23 70 65 72 6d 69 73 73 69 6f 6e 73 20 74 72 2e 65 76 65 6e 20 2e 66 6f 72 6d 2d 69 74 65 6d 20 7b 0a 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 23 75 73 65 72 2d 61 64 6d 69 6e 2d 73 65 74 74 69 6e 67 73 20 66 69 65 6c 64 73 65 74 20 2e 66 69 65 6c 64 73 65 74 2d 64 65 73 63 72 69 70 74 69 6f 6e
                                                                                                                                                                                                                                                                                      Data Ascii: #permissions td.module { font-weight: bold;}#permissions td.permission { padding-left: 1.5em; /* LTR */}#permissions tr.odd .form-item,#permissions tr.even .form-item { white-space: normal;}#user-admin-settings fieldset .fieldset-description
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1140INData Raw: 77 6f 72 64 2d 73 74 72 65 6e 67 74 68 2d 74 69 74 6c 65 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 3b 0a 7d 0a 2e 70 61 73 73 77 6f 72 64 2d 73 74 72 65 6e 67 74 68 2d 74 65 78 74 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 2e 70 61 73 73 77 6f 72 64 2d 69 6e 64 69 63 61 74 6f 72 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 43 34 43 34 43 34 3b 0a 20 20 68 65 69 67 68 74 3a 20 30 2e 33 65 6d 3b 0a 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 7d 0a 2e 70 61 73 73 77 6f 72 64 2d 69 6e 64 69 63 61 74 6f 72 20 64 69 76 20 7b 0a 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 77 69 64 74 68 3a 20 30
                                                                                                                                                                                                                                                                                      Data Ascii: word-strength-title { display: inline;}.password-strength-text { float: right; /* LTR */ font-weight: bold;}.password-indicator { background-color: #C4C4C4; height: 0.3em; width: 100%;}.password-indicator div { height: 100%; width: 0


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      15192.168.2.849747104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC622OUTGET /sites/all/modules/ctools/css/ctools.css?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC693INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:15 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                                                                                                      Content-Length: 509
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Thu, 04 May 2023 14:00:23 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:41 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183134
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YrL%2Fn8vxUjXjtXHYl0E2wsM8GOt6VcwcJR1DF2AJrv3iMkufKvjaQ%2BqeI%2FD64hF6KtKm8%2FwQA5t1OmX5pcbrsHJkq97HSRpJHuyVRWl3rG6zmOV1fTxVaNHWBRUEQljaLk%2FDzuAFKjn64yUfcw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165c68be67c8d-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC509INData Raw: 2e 63 74 6f 6f 6c 73 2d 6c 6f 63 6b 65 64 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 72 65 64 3b 0a 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 65 64 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 31 65 6d 3b 0a 7d 0a 0a 2e 63 74 6f 6f 6c 73 2d 6f 77 6e 73 2d 6c 6f 63 6b 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 64 64 20 6e 6f 6e 65 20 72 65 70 65 61 74 20 73 63 72 6f 6c 6c 20 30 20 30 3b 0a 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 66 30 63 30 32 30 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 31 65 6d 3b 0a 7d 0a 0a 61 2e 63 74 6f 6f 6c 73 2d 61 6a 61 78 69 6e 67 2c 0a 69 6e 70 75 74 2e 63 74 6f 6f 6c 73 2d 61 6a 61 78 69 6e 67 2c 0a 62 75 74 74 6f 6e 2e 63 74 6f 6f 6c 73 2d 61 6a 61 78 69 6e 67 2c 0a 73 65 6c
                                                                                                                                                                                                                                                                                      Data Ascii: .ctools-locked { color: red; border: 1px solid red; padding: 1em;}.ctools-owns-lock { background: #ffffdd none repeat scroll 0 0; border: 1px solid #f0c020; padding: 1em;}a.ctools-ajaxing,input.ctools-ajaxing,button.ctools-ajaxing,sel


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      16192.168.2.849748104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC608OUTGET /modules/locale/locale.css?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC699INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:15 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                                                                                                      Content-Length: 875
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 14:52:58 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2188097
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VUoAJRVgBS%2BrYf2Ztf5OLI2fTh5k%2B8wj3Qh%2BnbBl97mgRkz5VEkXQL02kCZm%2B%2BODT7S%2B1nELR8k%2BA537ytTMCU5OzUUKiVNddqeZ8Inyc101UA7rxp%2FvnMCgaRDN75ez1hQeVSkLBkRNHCFVmw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165c689a34333-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC670INData Raw: 0a 2e 6c 6f 63 61 6c 65 2d 75 6e 74 72 61 6e 73 6c 61 74 65 64 20 7b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6c 69 6e 65 2d 74 68 72 6f 75 67 68 3b 0a 7d 0a 0a 23 6c 6f 63 61 6c 65 2d 74 72 61 6e 73 6c 61 74 69 6f 6e 2d 66 69 6c 74 65 72 2d 66 6f 72 6d 20 2e 66 6f 72 6d 2d 69 74 65 6d 2d 6c 61 6e 67 75 61 67 65 2c 0a 23 6c 6f 63 61 6c 65 2d 74 72 61 6e 73 6c 61 74 69 6f 6e 2d 66 69 6c 74 65 72 2d 66 6f 72 6d 20 2e 66 6f 72 6d 2d 69 74 65 6d 2d 74 72 61 6e 73 6c 61 74 69 6f 6e 2c 0a 23 6c 6f 63 61 6c 65 2d 74 72 61 6e 73 6c 61 74 69 6f 6e 2d 66 69 6c 74 65 72 2d 66 6f 72 6d 20 2e 66 6f 72 6d 2d 69 74 65 6d 2d 67 72 6f 75 70 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74
                                                                                                                                                                                                                                                                                      Data Ascii: .locale-untranslated { font-style: normal; text-decoration: line-through;}#locale-translation-filter-form .form-item-language,#locale-translation-filter-form .form-item-translation,#locale-translation-filter-form .form-item-group { float: left
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC205INData Raw: 6f 6e 73 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 20 20 70 61 64 64 69 6e 67 3a 20 33 65 78 20 30 20 30 20 31 65 6d 3b 20 2f 2a 20 4c 54 52 20 2a 2f 0a 7d 0a 2e 6c 61 6e 67 75 61 67 65 2d 73 77 69 74 63 68 65 72 2d 6c 6f 63 61 6c 65 2d 73 65 73 73 69 6f 6e 20 61 2e 61 63 74 69 76 65 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 30 30 36 32 41 30 3b 0a 7d 0a 2e 6c 61 6e 67 75 61 67 65 2d 73 77 69 74 63 68 65 72 2d 6c 6f 63 61 6c 65 2d 73 65 73 73 69 6f 6e 20 61 2e 73 65 73 73 69 6f 6e 2d 61 63 74 69 76 65 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: ons { float: left; /* LTR */ padding: 3ex 0 0 1em; /* LTR */}.language-switcher-locale-session a.active { color: #0062A0;}.language-switcher-locale-session a.session-active { color: #000000;}


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      17192.168.2.849746104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC630OUTGET /sites/all/libraries/superfish/css/superfish.css?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC688INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:15 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                                                                                                      Content-Length: 4934
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Thu, 05 Nov 2015 12:06:50 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:41 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183134
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MkTq2QYJiVJxe9AqvZaYpKb74riww7GiLCekM4q8KDV6P5TqCfH7uyN60VilfZLmubw6ZFUUH9jgs47Q5v11On1OF24DBow1BOZPg4Fg%2BWICXksn4BeprBXmzrR7%2FGXwKYmEHoD9wIPCAJm2ig%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165c688a12394-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC681INData Raw: 2e 73 66 2d 6d 65 6e 75 2c 0a 2e 73 66 2d 6d 65 6e 75 20 2a 20 7b 0a 20 20 6c 69 73 74 2d 73 74 79 6c 65 3a 20 6e 6f 6e 65 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 2e 73 66 2d 6d 65 6e 75 20 7b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 30 3b 0a 20 20 7a 2d 69 6e 64 65 78 3a 20 34 39 37 3b 0a 7d 0a 2e 73 66 2d 6d 65 6e 75 20 75 6c 20 7b 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 74 6f 70 3a 20 2d 39 39 39 39 39 65 6d 3b 0a 20 20 77 69 64 74 68 3a 20 31 32 65 6d 3b 0a 7d 0a 2e 73 66 2d 6d 65 6e 75 20 75 6c 20 6c 69 20 7b 0a 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 7d 0a 2e 73 66 2d 6d 65 6e 75 20 6c 69 3a 68 6f 76 65 72 20 7b
                                                                                                                                                                                                                                                                                      Data Ascii: .sf-menu,.sf-menu * { list-style: none; margin: 0 !important; padding: 0;}.sf-menu { line-height: 1.0; z-index: 497;}.sf-menu ul { position: absolute; top: -99999em; width: 12em;}.sf-menu ul li { width: 100%;}.sf-menu li:hover {
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1369INData Raw: 48 6f 76 65 72 20 6c 69 20 75 6c 20 7b 0a 20 20 74 6f 70 3a 20 2d 39 39 39 39 39 65 6d 3b 0a 7d 0a 2e 73 66 2d 6d 65 6e 75 20 6c 69 20 6c 69 3a 68 6f 76 65 72 20 75 6c 2c 0a 2e 73 66 2d 6d 65 6e 75 20 6c 69 20 6c 69 2e 73 66 48 6f 76 65 72 20 75 6c 2c 0a 2e 73 66 2d 6d 65 6e 75 20 6c 69 20 6c 69 20 6c 69 3a 68 6f 76 65 72 20 75 6c 2c 0a 2e 73 66 2d 6d 65 6e 75 20 6c 69 20 6c 69 20 6c 69 2e 73 66 48 6f 76 65 72 20 75 6c 20 7b 0a 20 20 6c 65 66 74 3a 20 31 32 65 6d 3b 0a 20 20 74 6f 70 3a 20 30 3b 0a 7d 0a 2e 73 66 2d 6d 65 6e 75 20 61 2e 73 66 2d 77 69 74 68 2d 75 6c 20 7b 0a 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 31 70 78 3b 0a 7d 0a 2e 73 66 2d 73 75 62 2d 69 6e 64 69 63 61 74 6f 72 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 2e 2e
                                                                                                                                                                                                                                                                                      Data Ascii: Hover li ul { top: -99999em;}.sf-menu li li:hover ul,.sf-menu li li.sfHover ul,.sf-menu li li li:hover ul,.sf-menu li li li.sfHover ul { left: 12em; top: 0;}.sf-menu a.sf-with-ul { min-width: 1px;}.sf-sub-indicator { background: url('..
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1369INData Raw: 6c 65 66 74 2d 72 61 64 69 75 73 3a 20 31 37 70 78 3b 0a 7d 0a 2e 73 66 2d 73 68 61 64 6f 77 20 75 6c 2e 73 66 2d 73 68 61 64 6f 77 2d 6f 66 66 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 7d 0a 2e 73 66 2d 6d 65 6e 75 2e 72 74 6c 2c 0a 2e 73 66 2d 6d 65 6e 75 2e 72 74 6c 20 6c 69 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 0a 7d 0a 2e 73 66 2d 6d 65 6e 75 2e 72 74 6c 20 6c 69 3a 68 6f 76 65 72 20 75 6c 2c 0a 2e 73 66 2d 6d 65 6e 75 2e 72 74 6c 20 6c 69 2e 73 66 48 6f 76 65 72 20 75 6c 20 7b 0a 20 20 72 69 67 68 74 3a 20 30 3b 0a 7d 0a 2e 73 66 2d 6d 65 6e 75 2e 72 74 6c 20 6c 69 20 6c 69 3a 68 6f 76 65 72 20 75 6c 2c 0a 2e 73 66 2d 6d 65 6e 75 2e 72 74 6c 20 6c 69 20 6c 69 2e 73 66 48 6f 76 65 72 20
                                                                                                                                                                                                                                                                                      Data Ascii: left-radius: 17px;}.sf-shadow ul.sf-shadow-off { background: transparent;}.sf-menu.rtl,.sf-menu.rtl li { float: right;}.sf-menu.rtl li:hover ul,.sf-menu.rtl li.sfHover ul { right: 0;}.sf-menu.rtl li li:hover ul,.sf-menu.rtl li li.sfHover
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC1369INData Raw: 6c 69 2e 73 66 48 6f 76 65 72 20 75 6c 20 7b 0a 20 20 72 69 67 68 74 3a 20 30 3b 0a 7d 0a 2e 73 66 2d 6e 61 76 62 61 72 2e 72 74 6c 20 6c 69 20 6c 69 20 6c 69 3a 68 6f 76 65 72 20 75 6c 2c 0a 2e 73 66 2d 6e 61 76 62 61 72 2e 72 74 6c 20 6c 69 20 6c 69 20 6c 69 2e 73 66 48 6f 76 65 72 20 75 6c 20 7b 0a 20 20 72 69 67 68 74 3a 20 31 32 65 6d 3b 0a 7d 0a 2e 73 66 2d 76 65 72 74 69 63 61 6c 2e 72 74 6c 20 6c 69 3a 68 6f 76 65 72 20 75 6c 2c 0a 2e 73 66 2d 76 65 72 74 69 63 61 6c 2e 72 74 6c 20 6c 69 2e 73 66 48 6f 76 65 72 20 75 6c 20 7b 0a 20 20 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 72 69 67 68 74 3a 20 31 32 65 6d 3b 0a 7d 0a 2e 73 66 2d 6e 61 76 62 61 72 2e 72 74 6c 20 75 6c 20 2e 73 66 2d 73 75 62 2d 69 6e 64 69 63 61 74 6f 72 20 7b 0a 20 20 62 61 63
                                                                                                                                                                                                                                                                                      Data Ascii: li.sfHover ul { right: 0;}.sf-navbar.rtl li li li:hover ul,.sf-navbar.rtl li li li.sfHover ul { right: 12em;}.sf-vertical.rtl li:hover ul,.sf-vertical.rtl li.sfHover ul { left: auto; right: 12em;}.sf-navbar.rtl ul .sf-sub-indicator { bac
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:15 UTC146INData Raw: 69 63 61 74 6f 72 2c 0a 2e 73 66 2d 76 65 72 74 69 63 61 6c 2e 72 74 6c 20 6c 69 3a 68 6f 76 65 72 20 3e 20 61 20 3e 20 2e 73 66 2d 73 75 62 2d 69 6e 64 69 63 61 74 6f 72 2c 0a 2e 73 66 2d 76 65 72 74 69 63 61 6c 2e 72 74 6c 20 6c 69 2e 73 66 48 6f 76 65 72 20 3e 20 61 20 3e 20 2e 73 66 2d 73 75 62 2d 69 6e 64 69 63 61 74 6f 72 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 31 30 70 78 20 30 3b 0a 7d
                                                                                                                                                                                                                                                                                      Data Ascii: icator,.sf-vertical.rtl li:hover > a > .sf-sub-indicator,.sf-vertical.rtl li.sfHover > a > .sf-sub-indicator { background-position: -10px 0;}


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      18192.168.2.849757216.58.206.46443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC452OUTGET /vi/vx4aQB92rWE/0.jpg HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: img.youtube.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC657INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
                                                                                                                                                                                                                                                                                      Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
                                                                                                                                                                                                                                                                                      Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Content-Length: 24700
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      Server: sffe
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:30:30 GMT
                                                                                                                                                                                                                                                                                      Expires: Tue, 08 Oct 2024 00:30:30 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public, max-age=7200
                                                                                                                                                                                                                                                                                      ETag: "1357148093"
                                                                                                                                                                                                                                                                                      Content-Type: image/jpeg
                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                      Age: 646
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC733INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 05 03 04 08 07 08 08 08 07 08 09 05 08 06 07 07 07 07 07 07 08 07 07 07 08 07 07 07 07 07 07 07 07 07 07 0a 10 0b 07 08 0e 09 07 07 0c 15 0c 0e 11 11 13 13 13 07 0b 16 18 16 12 18 10 12 13 12 01 05 05 05 08 07 08 0d 08 08 0f 12 0d 0c 0c 14 14 14 14 14 14 12 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c0 00 11 08 01 68 01 e0 03 01 22 00 02 11 01 03 11 01 ff c4 00 1d 00 00 01 05 01 01 01 01 00 00 00 00 00 00 00 00 00 00 02 03 04 05 06 07 08 01 09 ff c4 00 5d 10 00 01 03 02 01 05 08 0d 05 0d 05 06 04 07 01 00 03 00 02 04 05 12 13 01 06 14 22 23 07 15 32 33 43 52 54 92 11 17 24 34 42 53 62 63 73 74
                                                                                                                                                                                                                                                                                      Data Ascii: JFIFh"]"#23CRT$4BSbcst
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1390INData Raw: 20 42 13 d6 24 58 81 08 4b b1 16 20 42 12 ec 45 88 10 8b 12 ec 4b 40 cd 89 09 eb 11 62 06 50 9e b1 16 22 06 50 9e b1 16 22 66 50 9e b1 16 20 65 09 76 22 c4 08 42 5d 88 b1 02 10 97 62 42 04 21 2d 08 10 84 b4 20 42 12 d0 81 08 42 10 49 80 6c 02 8c b6 df 82 f0 91 77 1a 96 ed 8d a9 90 71 87 04 71 74 92 04 1a 64 d7 e2 88 1d 20 fa 3a e3 14 18 3a 51 9a 2b b0 1b 61 88 47 d9 8b b2 8c 0d 22 47 f9 75 71 1b 32 a7 9e d7 45 1b 4c 13 71 2f 21 81 1b 10 7c 86 c2 49 d7 be 23 d4 2f dc 8a 0b a3 36 4b 9b 16 73 9e 3c 47 c9 0f 70 62 7f f4 c5 e7 9d db ab 11 a4 ca 8f 06 03 5d a2 d1 80 68 83 7e 36 95 89 b7 d2 7b e1 54 fc c9 ab f6 1a dc 0c 46 bc 98 76 32 48 0b fb 74 8a 96 61 d4 62 b0 85 73 06 40 81 98 84 33 24 03 0b 88 8f 23 f7 85 67 9a ba 70 c2 73 78 ca ae a7 f2 5a ce 18 d4 bc e4
                                                                                                                                                                                                                                                                                      Data Ascii: B$XK BEK@bP"P"fP ev"B]bB!- BBIlwqqtd ::Q+aG"Guq2ELq/!|I#/6Ks<Gpb]h~6{TFv2Htabs@3$#gpsxZ
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1390INData Raw: f3 61 91 76 a0 76 20 f9 45 89 7b 17 a0 33 cf 36 0b 24 6e 6c 40 61 fe 5a e6 af dc d2 b1 d9 ef 66 fb 60 2e bf 4e be 72 87 e6 72 3a ad 14 c6 7f 85 85 b1 22 c5 ba ed 63 58 e8 cd f6 c0 47 6b 1a c7 46 6f b6 02 e8 e6 e6 30 b6 21 6d fb 58 d6 3a 33 7d b0 11 da c2 b5 d1 5b ef 20 53 e4 18 54 2d cf 6a ea d7 46 6f bc 81 23 b5 75 6b a3 37 db 01 43 31 89 42 db 76 ae ad 74 66 fb c8 12 0f b9 75 69 99 1c ed 15 af b3 98 60 26 63 12 8b 13 cf 66 56 e5 73 5d b3 73 12 14 de 19 45 89 e4 84 08 b1 21 3c 84 0c a1 2e c4 2a c7 66 cd 3a 25 3e 31 83 74 60 bf 03 04 98 cf e3 57 7a a3 06 9b 27 23 44 31 36 e7 f1 9b 63 ff 00 1d 70 f1 c6 73 f2 ea ab 3a 6b 25 c6 73 5e 3c ba ca 9e 7c 13 b2 8c dd b6 b5 9b d1 60 b6 fc 21 f5 ce b9 7e 7f b2 9f 25 8e ba 30 4e ef 2f 6a 98 a9 56 ea 12 5b 86 67 aa 33
                                                                                                                                                                                                                                                                                      Data Ascii: avv E{36$nl@aZf`.Nrr:"cXGkFo0!mX:3}[ ST-jFo#uk7C1Bvtfui`&cfVs]sE!<.*f:%>1t`Wz'#D16cps:k%s^<|`!~%0N/jV[g3
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1390INData Raw: b2 1a 75 4d d7 97 db ca d8 2b 68 f7 9d cf cb 6c 6a 84 73 93 93 0d eb 8e 67 bc f7 3e a1 14 07 6e b0 65 07 11 8f f4 eb a0 66 7d 1a 16 f8 0c 9b fb 06 53 98 4b c7 1a 29 b6 a4 f3 1d d2 b9 16 ea 35 57 97 39 f6 cc d1 49 a7 6d 03 e2 d6 1e 9d d4 35 ba de 2d 64 82 ea a7 3d ce 29 2e 77 28 9b 1b ca fc 97 35 a4 27 d4 62 a3 a9 49 da 93 d2 2e 86 4c e1 14 30 84 4d 28 e2 ec 03 a9 7e 12 ef f8 26 ce 5e 7f 16 6e a1 d2 2f 3f 8b 37 50 ea e7 e7 9b 3a 50 fd b2 3e 7b 0b a6 0f db 29 f1 cc 53 5e 7f 16 6e a1 d1 79 79 86 ea 1d 5c fc f6 17 4c 1f b6 47 cf 61 74 c1 fb 64 e2 14 b7 97 c5 93 a8 74 8d 3b ca 5a 7a 6e 79 81 ee 6b 74 a0 be ff 00 03 19 73 ca ec cb 6a 13 18 dd 9b 59 28 ca b1 75 a6 79 48 d3 3c a5 bc cd 7c f6 cd 88 fb de 59 71 48 79 94 f0 04 67 92 c0 ec 89 fa 3e 3f 74 fe 79 59 d5
                                                                                                                                                                                                                                                                                      Data Ascii: uM+hljsg>nef}SK)5W9Im5-d=).w(5'bI.L0M(~&^n/?7P:P>{)S^nyy\LGatdt;ZznyktsjY(uyH<|YqHyg>?tyY
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1390INData Raw: 9b d3 1a 08 ef 93 39 c3 24 96 62 58 c6 2a e7 3c 1a b6 9b 49 ee 3d 8c 93 27 b1 dc 17 b4 8a 36 e8 4f bb 7b fd 01 be 3a d5 67 46 61 d3 c1 14 85 8d 30 84 20 7c 07 b3 09 62 ea d7 14 74 fb bc 00 9b e3 a4 27 99 bb da cf 6d 3e f4 2b 1c 8b 1c ad c7 01 c8 d0 1c ac 65 19 a0 f6 b2 53 5c 47 34 6d c3 37 0d 6e 62 55 70 1d 78 24 b4 04 e7 b2 48 04 b0 da 03 91 a0 3b ca 41 d8 0f 9f 20 95 4d 24 39 ee 1c a3 33 bc 64 e3 03 14 6a a0 19 da 56 6b 0c f1 c6 ee 7e c3 15 73 6d 01 de 52 34 07 79 48 3a 98 33 e4 ec 6b 9b 8f 15 fb 3d 9b de f0 6c f6 1a 37 73 fe 8e 91 f3 e6 56 b7 75 07 5f cb 02 e5 fa 03 bc a4 68 0e f2 90 74 69 f9 ce f9 2d b0 d2 43 6d 98 76 5e 0f 1f a4 ff 00 98 59 5a c9 9a f9 50 6d 7b 5f 61 0d 89 63 f1 55 1e 80 ef 29 4a a4 c3 b4 e1 77 9c 41 f2 a4 cd bc 8f 4c 6f 8e a3 58 a6
                                                                                                                                                                                                                                                                                      Data Ascii: 9$bX*<I='6O{:gFa0 |bt'm>+eS\G4m7nbUpx$H;A M$93djVk~smR4yH:3k=l7sVu_hti-Cmv^YZPm{_acU)JwALoX
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1390INData Raw: 33 ed a6 f4 94 69 28 1c d0 01 e2 fe da 34 08 de 2f ed a6 f4 94 69 28 1c d0 e3 73 3e da 0f 0c 4d c9 73 59 ad f5 d3 7a 4a 08 6b 90 66 67 f1 f2 3d 39 be 3a 66 c5 32 7b 36 c6 f4 e6 f8 e9 9b 15 cc 48 b6 22 c5 2a c4 8b 15 82 2d 89 0a 55 88 7b 10 42 7b 12 2c 52 6c 48 b1 13 7b 4f e4 9f c4 54 3d 20 7f 78 5d 8e ad 0f 48 13 85 d9 b2 ff 00 0e ce 02 e3 ff 00 25 76 5a 0a 87 a4 89 fb ca ed b9 56 1d 61 97 64 da 99 f8 94 06 b0 12 40 e2 38 d9 26 63 31 e5 b7 6b 84 70 76 14 12 e6 50 b2 99 c5 6c 99 43 bd 81 1d 8c 37 25 1d 6b 90 95 c2 15 47 18 27 39 65 ee 62 89 b9 e4 7c ad c8 d7 1c cf b1 e1 23 2f c2 fa 3a b1 cd 8c d4 1d 38 8e 7b 0e 69 57 b3 0f 6d 97 13 97 d2 16 91 0a c4 02 cf 6e 83 f7 b6 67 aa 9b e0 2d 0a cf e7 f7 de d9 9e a8 6f 80 83 c0 dc 17 76 54 9b 2d f0 bd 1a 46 af 84 e4
                                                                                                                                                                                                                                                                                      Data Ascii: 3i(4/i(s>MsYzJkfg=9:f2{6H"*-U{B{,RlH{OT= x]H%vZVad@8&c1kpvPlC7%kG'9eb|#/:8{iWmng-ovT-F
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1390INData Raw: 4b 49 34 77 b5 da cc 1e 23 f5 f9 65 9b 24 92 b4 8e 73 6d 7b 5e bc a2 c9 ca 1d e9 43 3f 9a 51 e3 31 be 0b 56 81 99 87 52 73 6f 6d 3c 96 bd 98 9c 30 71 2b 2a 43 39 d6 fa 45 bd ae e7 3c 96 ca 8e 58 ce 0b db bd d1 00 4d 70 71 cb dc f1 5b 35 4d 67 34 b4 58 a3 92 eb 6d 38 f1 01 e7 16 32 ad 03 1e d7 01 b8 64 66 d0 76 2e 87 5d ad b6 4c 43 39 cc 18 0c 6c 11 d8 19 38 a2 1a c1 53 4c e6 e5 4a 2c 9b 4e eb 87 2f c4 8c 49 e5 76 5d bd 3c 6f 27 28 f6 1b 0b 11 45 7d 4a dc b6 ef 6b 7d e5 59 b1 ef e0 ba d4 78 6d 57 32 ab f4 d7 7f 66 37 de 52 0f 3e cf f9 6b 7d b7 f2 15 99 1e eb 9d aa d2 37 11 12 ee 72 0a 8d f5 c9 fd 98 df 6d fc 84 6f ae 4f ec c6 fb 6f e4 29 b6 39 16 39 04 2d f5 c9 fd 98 df 6d fc 84 6f ae 4f ec c6 fb 6f e4 29 b6 39 16 39 04 2d f5 c9 fd 98 df 6d fc 84 6f ae 4f
                                                                                                                                                                                                                                                                                      Data Ascii: KI4w#e$sm{^C?Q1VRsom<0q+*C9E<XMpq[5Mg4Xm82dfv.]LC9l8SLJ,N/Iv]<o'(E}Jk}YxmW2f7R>k}7rmoOo)99-moOo)99-moO
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1390INData Raw: aa 0e 83 23 13 6f 7b f9 1e e8 ff 00 a7 48 de 1a 0e af fb 61 d7 72 9a 9e 61 06 0b 43 7f 8c 6f 51 1a 1b fc 63 7a 8b 5a 08 d4 c6 10 8d 71 71 86 c2 70 de 6c 22 e0 e0 7d 1f 46 ef 94 81 d2 a9 8e 73 bb b0 83 1b 30 75 df 81 f4 94 19 5d 0d fc ff 00 b0 8d 0d fc ff 00 b0 b6 1b d5 47 6e 51 dd 50 71 ef e3 2c e2 93 84 a6 d1 5d 88 46 ce 20 db 79 b5 36 1b 34 18 bd 0d fc ff 00 b0 8d 0d fc ff 00 b0 b5 bb d5 48 6e 47 39 d5 27 6b f1 76 33 fc c2 7e 99 9b d0 4a 10 b8 d2 b0 cc 6c 6c 36 31 e0 da 74 74 18 bd 0d fc ff 00 b0 8d 0d fc ff 00 b0 a5 4f 63 04 63 30 6e c4 1b 08 61 8d fe 31 33 8d 91 03 7a 1b f9 ff 00 61 7d d0 f2 f3 db d4 4b c6 c8 8b fe e3 90 6d 81 b9 15 4d e2 19 5b 26 1d a6 00 4e 3e 3f f8 0b 04 48 d9 5a 47 09 ce 6d cc 39 86 47 af 46 82 30 1c c8 33 1d a4 63 46 82 10 0d ec
                                                                                                                                                                                                                                                                                      Data Ascii: #o{HaraCoQczZqqpl"}Fs0u]GnQPq,]F y64HnG9'kv3~Jll61ttOcc0na13za}KmM[&N>?HZGm9GF03cF
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1390INData Raw: 3a eb 59 c6 3d ef e3 15 2a db ce ce 1a 7b c6 e6 36 9a 41 de 3c 41 be c0 7d 18 1a 37 e9 28 97 5b 11 46 36 12 9e 47 ec 38 78 3f 4b fa 42 0c 42 16 b4 95 ea 63 dd 7b a9 f7 b9 e4 0e 27 11 84 96 0c e4 a7 b3 2b b0 e2 38 2d c3 e0 31 9c b7 fd ba 0c 7a 07 fb 35 aa 9f 5b a6 3c 76 0e 9d 86 eb 30 c8 6e 55 67 1f 85 d8 d9 e2 5d e5 a0 f4 18 3b c2 3f a0 fd 82 f3 ad 4b be 24 7a f4 bf de 57 a2 81 de 11 fd 07 ec 17 9d 6a 5d f1 23 d7 a5 fe f2 83 7b 9a 79 bc 29 50 63 c9 c0 91 29 c7 9d a2 13 04 c0 16 18 7c 7a af a2 d1 05 24 6e 73 a5 0c 04 c7 c3 c1 7e 06 2e 0a 85 41 a0 d4 0e 16 be 33 c8 30 bc 96 0e c3 00 5b 65 09 94 43 bd ae 7b 5a 42 35 9c 63 ec 41 aa 7e 69 09 b6 bd d5 01 e0 bc 98 7a 8c c5 fd ba 85 02 82 29 21 1b f4 a6 81 cf 1e d2 fc 0f f2 eb 3e 3a 39 5d 91 d6 b4 d6 b3 68 4d 8a
                                                                                                                                                                                                                                                                                      Data Ascii: :Y=*{6A<A}7([F6G8x?KBBc{'+8-1z5[<v0nUg];?K$zWj]#{y)Pc)|z$ns~.A30[eC{ZB5cA~iz)!>:9]hM
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1390INData Raw: 3b 67 76 2d b1 bc 5d 9c 4a 73 e7 84 ee 63 7d 92 6f b8 59 2c 6d 6b f1 e3 b3 18 64 7b f9 45 2a bb 26 9b 82 ed 19 ad c6 fc fa 0c e4 f9 25 39 1c 52 31 d7 3f 98 c4 c6 b7 31 dd 44 bc 6f 25 39 8c 81 8d 6e 63 ba 88 d6 e6 3b a8 97 8c 8c 6c a8 11 ad cc 77 51 1a dc c7 75 12 f1 b2 a3 1b 2a 04 6b 73 1d d4 46 b7 31 dd 44 bc 6c a8 c6 ca 81 1a dc c7 75 11 ad cc 77 51 2f 1b 2a 31 b2 a0 46 b7 31 dd 44 6b 73 1d d4 4b c6 ca 8c 6c a8 3a 1f c9 de ed f6 35 cd ff 00 97 1b e3 c6 5a 7f 94 5f 79 45 f5 e0 ac e7 c9 ed f7 55 8d fd dc 6f 8f 19 68 fe 51 7d e5 17 d7 82 83 84 be 7e d4 cd f3 e6 f8 e8 7c 97 24 11 8c c5 37 a7 37 c7 53 06 c6 28 20 a9 3d cf c8 ab 09 47 73 96 99 ef 6a 64 e6 1a 98 cc 6f 22 94 3a 3b 79 aa c0 f3 18 df 09 30 4a 93 7b 08 19 de a6 b5 1a 1b 52 1f 55 4c ef 92 0f 5a fc
                                                                                                                                                                                                                                                                                      Data Ascii: ;gv-]Jsc}oY,mkd{E*&%9R1?1Do%9nc;lwQu*ksF1DluwQ/*1F1DksKl:5Z_yEUohQ}~|$77S( =Gsjdo":;y0J{RULZ


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      19192.168.2.849759104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC629OUTGET /sites/all/libraries/superfish/style/coffee.css?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC694INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:16 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                                                                                                      Content-Length: 1182
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:45:57 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 14:53:47 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2188049
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AMlbws5ErpMuOIxRdtjHHlB6b6RX9a3Zp7Bb7b1QCTpJ2BrIV%2F7iDLI69uf6pd8ZWTj4ZGUX8%2BOrsXCb2HWgt8DeCgOVGebsxGAMY6OAJw5F9UcKkiDIb3s3mDtA%2BO%2BQ7IF%2FozFwlt4TygVQ8g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165cd4b01440b-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC675INData Raw: 2e 73 66 2d 6d 65 6e 75 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 35 3b 0a 7d 0a 23 6e 61 76 69 67 61 74 69 6f 6e 20 2e 73 66 2d 6d 65 6e 75 20 3e 20 6c 69 2c 20 23 6e 61 76 69 67 61 74 69 6f 6e 20 2e 73 66 2d 6d 65 6e 75 20 3e 20 6c 69 3a 68 6f 76 65 72 2c 0a 23 6e 61 76 69 67 61 74 69 6f 6e 20 2e 73 66 2d 6d 65 6e 75 20 3e 20 6c 69 3a 61 63 74 69 76 65 2c 20 23 6e 61 76 69 67 61 74 69 6f 6e 20 73 66 2d 6d 65 6e 75 20 3e 20 6c 69 3a 76 69 73 69 74 65 64 2c 0a 23 6e 61 76 69 67 61 74 69 6f 6e 20 2e 73 66 2d 6d 65 6e 75 20 3e 20 6c 69 3a 66 6f 63 75 73 2c 20 23 6e 61 76 69 67 61 74 69 6f 6e 20 2e 73 66 2d 6d 65 6e 75 20 3e 20 6c 69 2e 73 66 48 6f 76 65 72 20 7b 0a 20 20 62 61 63
                                                                                                                                                                                                                                                                                      Data Ascii: .sf-menu { margin-bottom: 0; line-height: 1.5;}#navigation .sf-menu > li, #navigation .sf-menu > li:hover,#navigation .sf-menu > li:active, #navigation sf-menu > li:visited,#navigation .sf-menu > li:focus, #navigation .sf-menu > li.sfHover { bac
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC507INData Raw: 61 76 69 67 61 74 69 6f 6e 20 2e 73 66 2d 6d 65 6e 75 20 6c 69 20 6c 69 3a 68 6f 76 65 72 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 32 39 34 34 66 3b 0a 7d 0a 2e 73 66 2d 6d 65 6e 75 20 6c 69 3a 68 6f 76 65 72 20 75 6c 2c 20 2e 73 66 2d 6d 65 6e 75 20 6c 69 2e 73 66 48 6f 76 65 72 20 75 6c 20 7b 0a 20 20 77 69 64 74 68 3a 20 31 35 30 70 78 3b 0a 20 20 74 6f 70 3a 20 33 2e 35 65 6d 3b 0a 7d 0a 23 6e 61 76 69 67 61 74 69 6f 6e 20 2e 73 66 2d 6d 65 6e 75 20 6c 69 20 6c 69 20 61 20 7b 0a 20 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 64 64 64 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6e 6f 6e 65 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68
                                                                                                                                                                                                                                                                                      Data Ascii: avigation .sf-menu li li:hover { background-color: #e2944f;}.sf-menu li:hover ul, .sf-menu li.sfHover ul { width: 150px; top: 3.5em;}#navigation .sf-menu li li a { border-top: 1px solid #ddd; background: none; font-size: 14px; font-weigh


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      20192.168.2.849760104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC619OUTGET /sites/all/themes/freshmade/style.css?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC687INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:16 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/css
                                                                                                                                                                                                                                                                                      Content-Length: 16643
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Sat, 25 Sep 2021 12:45:09 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:41 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183135
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IFeKjyQrdR70CFyyKSZWk5yLzca%2BAGgNdkmI1bfexmPYTmJvAPOEGbWMIesM1pbLYKYx7U5uuio3wMa931GUAqaLqbcQjP0flNV9q5i2SG7dhBUg2JfouOIFf2fuE1KlE5XS5luXFtB3VMCVQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165cd4d258ce2-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC682INData Raw: 2f 2a 20 20 0a 54 65 6d 70 6c 61 74 65 20 6e 61 6d 65 3a 20 46 72 65 73 68 6d 61 64 65 20 53 6f 66 74 77 61 72 65 0a 54 65 6d 70 6c 61 74 65 20 55 52 49 3a 20 68 74 74 70 3a 2f 2f 74 65 6d 70 6c 61 74 65 73 2e 61 72 63 73 69 6e 2e 73 65 2f 66 72 65 73 68 6d 61 64 65 2d 73 6f 66 74 77 61 72 65 2d 77 65 62 73 69 74 65 2d 74 65 6d 70 6c 61 74 65 2f 0a 52 65 6c 65 61 73 65 20 64 61 74 65 3a 20 32 30 30 39 2d 30 36 2d 32 31 0a 4c 61 73 74 20 75 70 64 61 74 65 64 3a 20 32 30 30 39 2d 30 38 2d 31 30 0a 44 65 73 63 72 69 70 74 69 6f 6e 3a 20 41 20 73 6f 66 74 77 61 72 65 20 63 6f 6d 70 61 6e 79 20 73 74 79 6c 65 64 20 74 65 6d 70 6c 61 74 65 20 69 6e 20 6c 69 67 68 74 20 63 6f 6c 6f 72 73 20 6f 66 20 77 68 69 74 65 2c 20 6f 72 61 6e 67 65 20 61 6e 64 20 62 72 6f
                                                                                                                                                                                                                                                                                      Data Ascii: /* Template name: Freshmade SoftwareTemplate URI: http://templates.arcsin.se/freshmade-software-website-template/Release date: 2009-06-21Last updated: 2009-08-10Description: A software company styled template in light colors of white, orange and bro
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 73 65 74 2c 20 66 6f 72 6d 2c 20 6c 61 62 65 6c 2c 20 6c 65 67 65 6e 64 2c 20 74 61 62 6c 65 2c 20 63 61 70 74 69 6f 6e 2c 20 74 62 6f 64 79 2c 20 74 66 6f 6f 74 2c 20 74 68 65 61 64 2c 20 74 72 2c 20 74 68 2c 20 74 64 2c 20 74 65 78 74 61 72 65 61 2c 20 69 6e 70 75 74 2c 20 73 65 6c 65 63 74 20 7b 6d 61 72 67 69 6e 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 69 6e 68 65 72 69 74 3b 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 69 6e 68 65 72 69 74 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 69 6e 68 65 72 69 74 3b 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 7d 0a 74 61 62 6c 65 20 7b 62 6f 72 64 65
                                                                                                                                                                                                                                                                                      Data Ascii: set, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, textarea, input, select {margin: 0; padding: 0; border: 0; font-weight: inherit; font-style: inherit; font-size: 100%; font-family: inherit; vertical-align: baseline;}table {borde
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 70 61 64 64 69 6e 67 3a 20 37 70 78 20 36 70 78 3b 0a 7d 0a 0a 6c 61 62 65 6c 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 36 36 36 36 36 36 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 0a 66 6f 72 6d 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6e 6f 6e 65 20 72 65 70 65 61 74 20 73 63 72 6f 6c 6c 20 30 20 30 20 23 46 33 46 34 46 35 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 32 45 34 45 37 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 32 35 70 78 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 20 32 35 70 78 20 32 35 70 78 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 34 37 37 70 78 3b 0a 7d 0a 0a 2e
                                                                                                                                                                                                                                                                                      Data Ascii: padding: 7px 6px;}label { color: #666666; display: block; font-weight: bold;}form { background: none repeat scroll 0 0 #F3F4F5; border: 1px solid #E2E4E7; margin: 10px 25px; padding: 10px 25px 25px; width: 477px;}.
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 6f 72 6d 61 6c 3b 0a 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 3b 0a 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 2e 33 65 6d 3b 0a 7d 0a 68 34 2c 68 35 2c 68 36 20 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 7d 0a 0a 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 2e 36 65 6d 3b 7d 0a 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 7d 0a 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 35 65 6d 3b 7d 0a 68 34 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 32 35 65 6d 3b 7d 0a 68 35 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 31 65 6d 3b 7d 0a 68 36 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 65 6d 3b 7d 0a 0a 68 31 20 69 6d 67 2c 20 68 32 20 69 6d 67 2c 20 68 33 20 69 6d 67 2c 20 68 34 20 69 6d 67 2c 20 68 35 20 69 6d 67 2c
                                                                                                                                                                                                                                                                                      Data Ascii: ormal;line-height: 1;margin-bottom: 0.3em;}h4,h5,h6 {font-weight: bold;}h1 {font-size: 2.6em;}h2 {font-size: 2em;}h3 {font-size: 1.5em;}h4 {font-size: 1.25em;}h5 {font-size: 1.1em;}h6 {font-size: 1em;}h1 img, h2 img, h3 img, h4 img, h5 img,
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 65 20 7b 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 20 63 6f 6c 6c 61 70 73 65 3b 20 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 20 30 3b 7d 0a 74 64 2c 20 74 62 6f 64 79 20 74 64 20 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6e 6f 6e 65 20 72 65 70 65 61 74 20 73 63 72 6f 6c 6c 20 30 20 30 20 23 46 30 46 30 46 30 3b 20 62 6f 72 64 65 72 3a 20 30 20 6e 6f 6e 65 3b 7d 0a 74 68 2c 20 74 64 20 7b 20 70 61 64 64 69 6e 67 3a 20 35 70 78 3b 7d 0a 0a 74 61 62 6c 65 2e 64 61 74 61 2d 74 61 62 6c 65 20 7b 0a 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 32 65 6d 3b 0a 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 7d 0a 74 61 62 6c 65 2e 64 61 74 61 2d 74 61 62 6c 65 20 74 68 20 7b 0a 09 62
                                                                                                                                                                                                                                                                                      Data Ascii: e {border-collapse: collapse; border-spacing: 0;}td, tbody td {background: none repeat scroll 0 0 #F0F0F0; border: 0 none;}th, td { padding: 5px;}table.data-table {border: 1px solid #EEE;margin-bottom: 2em;width: 100%;}table.data-table th {b
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 7b 63 6f 6c 6f 72 3a 20 23 38 41 31 46 31 31 3b 7d 0a 0a 2e 6e 6f 74 69 63 65 20 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 46 46 36 42 46 3b 20 63 6f 6c 6f 72 3a 20 23 35 31 34 37 32 31 3b 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 46 46 44 33 32 34 3b 7d 0a 2e 6e 6f 74 69 63 65 20 61 20 7b 63 6f 6c 6f 72 3a 20 23 35 31 34 37 32 31 3b 7d 0a 0a 2e 73 75 63 63 65 73 73 20 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 45 36 45 46 43 32 3b 20 63 6f 6c 6f 72 3a 20 23 32 36 34 34 30 39 3b 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 43 36 44 38 38 30 3b 7d 0a 2e 73 75 63 63 65 73 73 20 61 20 7b 63 6f 6c 6f 72 3a 20 23 32 36 34 34 30 39 3b 7d 0a 0a 64 69 76 2e 6d 6f 72 65 20 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 36 70 78 3b 7d 0a 2e 6d 6f 72 65 20 61
                                                                                                                                                                                                                                                                                      Data Ascii: {color: #8A1F11;}.notice {background: #FFF6BF; color: #514721; border-color: #FFD324;}.notice a {color: #514721;}.success {background: #E6EFC2; color: #264409; border-color: #C6D880;}.success a {color: #264409;}div.more {padding-top: 6px;}.more a
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 72 69 67 68 74 20 7b 6d 61 72 67 69 6e 3a 20 30 20 30 20 31 65 6d 20 31 2e 35 65 6d 3b 7d 0a 0a 0a 2f 2a 20 46 6c 6f 61 74 73 20 2a 2f 20 20 20 0a 0a 2e 6c 65 66 74 2c 2e 61 6c 69 67 6e 6c 65 66 74 20 7b 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 7d 0a 2e 72 69 67 68 74 2c 2e 61 6c 69 67 6e 72 69 67 68 74 20 7b 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 7d 0a 0a 2e 63 6c 65 61 72 2c 2e 63 6c 65 61 72 65 72 20 7b 63 6c 65 61 72 3a 20 62 6f 74 68 3b 7d 0a 2e 63 6c 65 61 72 65 72 20 7b 0a 09 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 3b 0a 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 30 3b 09 0a 7d 0a 0a 0a 2f 2a 20 43 6f 6c 75 6d 6e 73 20 2a 2f 0a 0a 2e 63 6f 6c 32 20 7b 77 69 64 74 68 3a 20 34 37 25 3b 7d 0a 0a 0a 0a 2f 2a 20
                                                                                                                                                                                                                                                                                      Data Ascii: right {margin: 0 0 1em 1.5em;}/* Floats */ .left,.alignleft {float: left;}.right,.alignright {float: right;}.clear,.clearer {clear: both;}.clearer {display: block;font-size: 0;line-height: 0;}/* Columns */.col2 {width: 47%;}/*
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 6f 6e 65 3b 0a 09 70 61 64 64 69 6e 67 3a 20 36 70 78 20 35 70 78 3b 0a 7d 0a 75 6c 2e 6e 69 63 65 2d 6c 69 73 74 20 6c 69 20 61 20 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 7d 0a 75 6c 2e 6e 69 63 65 2d 6c 69 73 74 20 6c 69 20 61 3a 68 6f 76 65 72 20 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 7d 0a 75 6c 2e 6e 69 63 65 2d 6c 69 73 74 20 73 70 61 6e 20 7b 63 6f 6c 6f 72 3a 20 23 36 36 36 3b 7d 0a 0a 23 73 69 64 65 62 61 72 20 75 6c 2e 6e 69 63 65 2d 6c 69 73 74 20 6c 69 2c 23 73 69 64 65 62 61 72 20 75 6c 2e 6e 69 63 65 2d 6c 69 73 74 20 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 45 30 45 30 45 30 3b 7d 0a 0a 0a 2f 2a 20 41 72 63 68 69 76 65 73 20 2a 2f 0a 2e 61 72 63 68 69 76 65 2d
                                                                                                                                                                                                                                                                                      Data Ascii: one;padding: 6px 5px;}ul.nice-list li a {text-decoration: none;}ul.nice-list li a:hover {text-decoration: underline;}ul.nice-list span {color: #666;}#sidebar ul.nice-list li,#sidebar ul.nice-list {border-color: #E0E0E0;}/* Archives */.archive-
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 2a 2f 0a 0a 2e 62 6f 78 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 69 6d 67 2f 62 6f 78 2e 67 69 66 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 20 74 6f 70 3b 0a 09 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 46 44 46 44 41 3b 0a 09 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 46 46 46 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 36 70 78 20 32 30 70 78 20 30 3b 0a 7d 0a 2e 62 6f 78 20 61 20 7b 63 6f 6c 6f 72 3a 20 23 39 35 31 3b 7d 0a 2e 62 6f 78 20 61 3a 68 6f 76 65 72 20 7b 63 6f 6c 6f 72 3a 20 23 33 31 30 3b 7d 0a 2e 62 6f 78 2d 74 69 74 6c 65 20 7b 09 0a 09 63 6f 6c 6f 72 3a 20 23 36 36 35 3b 0a 09 66 6f 6e 74 3a
                                                                                                                                                                                                                                                                                      Data Ascii: ------------------ */.box {background: url('img/box.gif') no-repeat left top;border-bottom: 1px solid #DFDFDA;border-top: 1px solid #FFF;padding: 16px 20px 0;}.box a {color: #951;}.box a:hover {color: #310;}.box-title {color: #665;font:
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 20 33 39 70 78 3b 0a 09 6d 61 72 67 69 6e 3a 20 2d 38 70 78 20 30 20 30 20 61 75 74 6f 3b 0a 09 77 69 64 74 68 3a 20 32 39 30 70 78 3b 0a 7d 0a 23 68 65 6c 70 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 36 36 36 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 32 65 6d 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 20 32 38 70 78 20 30 20 32 35 70 78 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 23 68 65 6c 70 20 61 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 39 39 39 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 23 68 65 6c 70 20 61 3a 68 6f 76 65 72 20 7b 63 6f 6c 6f 72 3a 20 23 44 44 44 3b 7d 0a 0a 23 68 65 6c 70 20 73 70 61 6e 2e 74 65 78 74 2d 73 65 70 61 72 61 74 6f 72 20 7b 0a 09 63 6f 6c
                                                                                                                                                                                                                                                                                      Data Ascii: 39px;margin: -8px 0 0 auto;width: 290px;}#help {color: #666;font-size: 1.2em;padding: 10px 28px 0 25px; text-align: center;}#help a {color: #999;text-decoration: none;}#help a:hover {color: #DDD;}#help span.text-separator {col


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      21192.168.2.849761104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC584OUTGET /misc/jquery.js?v=1.4.4 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC705INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:16 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 78601
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:41 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183135
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IAWCvm3BsnkzychD7aOoCa8IfzRpg46lgIETRlXUI8cWXLpiSP0ZZHeQ3EM9t%2FmIbsnRFXqLMg2BpM08Ex0CQ6B8SmWTXM0pOzzk%2FXnhu42hCH38tj0Ns%2FGA55pBjN4vQ4HkkfD49GZkGb2yvg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165cd2e0619d7-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC664INData Raw: 2f 2a 21 0a 20 2a 20 6a 51 75 65 72 79 20 4a 61 76 61 53 63 72 69 70 74 20 4c 69 62 72 61 72 79 20 76 31 2e 34 2e 34 0a 20 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 2e 63 6f 6d 2f 0a 20 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 30 2c 20 4a 6f 68 6e 20 52 65 73 69 67 0a 20 2a 20 44 75 61 6c 20 6c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 6f 72 20 47 50 4c 20 56 65 72 73 69 6f 6e 20 32 20 6c 69 63 65 6e 73 65 73 2e 0a 20 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 0a 20 2a 0a 20 2a 20 49 6e 63 6c 75 64 65 73 20 53 69 7a 7a 6c 65 2e 6a 73 0a 20 2a 20 68 74 74 70 3a 2f 2f 73 69 7a 7a 6c 65 6a 73 2e 63 6f 6d 2f 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 30 2c 20 54 68 65 20 44
                                                                                                                                                                                                                                                                                      Data Ascii: /*! * jQuery JavaScript Library v1.4.4 * http://jquery.com/ * * Copyright 2010, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Sizzle.js * http://sizzlejs.com/ * Copyright 2010, The D
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 6e 20 63 61 28 29 7b 72 65 74 75 72 6e 20 74 72 75 65 7d 66 75 6e 63 74 69 6f 6e 20 6c 61 28 61 2c 62 2c 64 29 7b 64 5b 30 5d 2e 74 79 70 65 3d 61 3b 72 65 74 75 72 6e 20 63 2e 65 76 65 6e 74 2e 68 61 6e 64 6c 65 2e 61 70 70 6c 79 28 62 2c 64 29 7d 66 75 6e 63 74 69 6f 6e 20 4b 61 28 61 29 7b 76 61 72 20 62 2c 64 2c 65 2c 66 2c 68 2c 6c 2c 6b 2c 6f 2c 78 2c 72 2c 41 2c 43 3d 5b 5d 3b 66 3d 5b 5d 3b 68 3d 63 2e 64 61 74 61 28 74 68 69 73 2c 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 3f 22 65 76 65 6e 74 73 22 3a 22 5f 5f 65 76 65 6e 74 73 5f 5f 22 29 3b 69 66 28 74 79 70 65 6f 66 20 68 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 68 3d 0a 68 2e 65 76 65 6e 74 73 3b 69 66 28 21 28 61 2e 6c 69 76 65 46 69 72 65 64 3d 3d 3d 74 68 69 73 7c 7c 21 68 7c 7c 21 68 2e 6c
                                                                                                                                                                                                                                                                                      Data Ascii: n ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof h==="function")h=h.events;if(!(a.liveFired===this||!h||!h.l
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 65 74 75 72 6e 20 63 2e 67 72 65 70 28 61 2c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 6e 20 66 3d 3d 3d 62 3d 3d 3d 64 7d 29 3b 65 6c 73 65 20 69 66 28 74 79 70 65 6f 66 20 62 3d 3d 3d 22 73 74 72 69 6e 67 22 29 7b 76 61 72 20 65 3d 63 2e 67 72 65 70 28 61 2c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 6e 20 66 2e 6e 6f 64 65 54 79 70 65 3d 3d 3d 31 7d 29 3b 69 66 28 4e 61 2e 74 65 73 74 28 62 29 29 72 65 74 75 72 6e 20 63 2e 66 69 6c 74 65 72 28 62 2c 65 2c 21 64 29 3b 65 6c 73 65 20 62 3d 63 2e 66 69 6c 74 65 72 28 62 2c 65 29 7d 72 65 74 75 72 6e 20 63 2e 67 72 65 70 28 61 2c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 6e 20 63 2e 69 6e 41 72 72 61 79 28 66 2c 62 29 3e 3d 30 3d 3d 3d 64 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 6e 61
                                                                                                                                                                                                                                                                                      Data Ascii: eturn c.grep(a,function(f){return f===b===d});else if(typeof b==="string"){var e=c.grep(a,function(f){return f.nodeType===1});if(Na.test(b))return c.filter(b,e,!d);else b=c.filter(b,e)}return c.grep(a,function(f){return c.inArray(f,b)>=0===d})}function na
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 28 22 3c 22 2b 0a 61 2b 22 3e 22 29 2e 61 70 70 65 6e 64 54 6f 28 22 62 6f 64 79 22 29 2c 64 3d 62 2e 63 73 73 28 22 64 69 73 70 6c 61 79 22 29 3b 62 2e 72 65 6d 6f 76 65 28 29 3b 69 66 28 64 3d 3d 3d 22 6e 6f 6e 65 22 7c 7c 64 3d 3d 3d 22 22 29 64 3d 22 62 6c 6f 63 6b 22 3b 65 61 5b 61 5d 3d 64 7d 72 65 74 75 72 6e 20 65 61 5b 61 5d 7d 66 75 6e 63 74 69 6f 6e 20 66 61 28 61 29 7b 72 65 74 75 72 6e 20 63 2e 69 73 57 69 6e 64 6f 77 28 61 29 3f 61 3a 61 2e 6e 6f 64 65 54 79 70 65 3d 3d 3d 39 3f 61 2e 64 65 66 61 75 6c 74 56 69 65 77 7c 7c 61 2e 70 61 72 65 6e 74 57 69 6e 64 6f 77 3a 66 61 6c 73 65 7d 76 61 72 20 74 3d 45 2e 64 6f 63 75 6d 65 6e 74 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 69 66 28 21 62 2e 69 73 52 65
                                                                                                                                                                                                                                                                                      Data Ascii: ("<"+a+">").appendTo("body"),d=b.css("display");b.remove();if(d==="none"||d==="")d="block";ea[a]=d}return ea[a]}function fa(a){return c.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:false}var t=E.document,c=function(){function a(){if(!b.isRe
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 6e 74 28 7a 5b 31 5d 29 5d 3b 62 2e 66 6e 2e 61 74 74 72 2e 63 61 6c 6c 28 6a 2c 73 2c 74 72 75 65 29 7d 65 6c 73 65 20 6a 3d 5b 48 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 7a 5b 31 5d 29 5d 3b 65 6c 73 65 7b 7a 3d 62 2e 62 75 69 6c 64 46 72 61 67 6d 65 6e 74 28 5b 76 5b 31 5d 5d 2c 5b 48 5d 29 3b 6a 3d 28 7a 2e 63 61 63 68 65 61 62 6c 65 3f 7a 2e 66 72 61 67 6d 65 6e 74 2e 63 6c 6f 6e 65 4e 6f 64 65 28 74 72 75 65 29 3a 7a 2e 66 72 61 67 6d 65 6e 74 29 2e 63 68 69 6c 64 4e 6f 64 65 73 7d 72 65 74 75 72 6e 20 62 2e 6d 65 72 67 65 28 74 68 69 73 2c 0a 6a 29 7d 65 6c 73 65 7b 69 66 28 28 7a 3d 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 76 5b 32 5d 29 29 26 26 7a 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7b 69 66 28 7a 2e 69 64 21 3d 3d 76 5b 32 5d 29
                                                                                                                                                                                                                                                                                      Data Ascii: nt(z[1])];b.fn.attr.call(j,s,true)}else j=[H.createElement(z[1])];else{z=b.buildFragment([v[1]],[H]);j=(z.cacheable?z.fragment.cloneNode(true):z.fragment).childNodes}return b.merge(this,j)}else{if((z=t.getElementById(v[2]))&&z.parentNode){if(z.id!==v[2])
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 61 63 6b 28 4e 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 2c 22 73 6c 69 63 65 22 2c 4e 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 29 2e 6a 6f 69 6e 28 22 2c 22 29 29 7d 2c 6d 61 70 3a 66 75 6e 63 74 69 6f 6e 28 6a 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 62 2e 6d 61 70 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 73 2c 76 29 7b 72 65 74 75 72 6e 20 6a 2e 63 61 6c 6c 28 73 2c 76 2c 73 29 7d 29 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 62 28 6e 75 6c 6c 29 7d 2c 70 75 73 68 3a 4d 2c 73 6f 72 74 3a 5b 5d 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 5b 5d 2e 73 70 6c 69 63 65 7d 3b 62 2e 66 6e 2e 69 6e 69 74 2e 70 72 6f 74 6f
                                                                                                                                                                                                                                                                                      Data Ascii: ack(N.apply(this,arguments),"slice",N.call(arguments).join(","))},map:function(j){return this.pushStack(b.map(this,function(s,v){return j.call(s,v,s)}))},end:function(){return this.prevObject||b(null)},push:M,sort:[].sort,splice:[].splice};b.fn.init.proto
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 68 45 76 65 6e 74 28 22 6f 6e 6c 6f 61 64 22 2c 0a 62 2e 72 65 61 64 79 29 3b 76 61 72 20 6a 3d 66 61 6c 73 65 3b 74 72 79 7b 6a 3d 45 2e 66 72 61 6d 65 45 6c 65 6d 65 6e 74 3d 3d 6e 75 6c 6c 7d 63 61 74 63 68 28 73 29 7b 7d 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 64 6f 53 63 72 6f 6c 6c 26 26 6a 26 26 61 28 29 7d 7d 7d 2c 69 73 46 75 6e 63 74 69 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 6a 29 7b 72 65 74 75 72 6e 20 62 2e 74 79 70 65 28 6a 29 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 7d 2c 69 73 41 72 72 61 79 3a 41 72 72 61 79 2e 69 73 41 72 72 61 79 7c 7c 66 75 6e 63 74 69 6f 6e 28 6a 29 7b 72 65 74 75 72 6e 20 62 2e 74 79 70 65 28 6a 29 3d 3d 3d 22 61 72 72 61 79 22 7d 2c 69 73 57 69 6e 64 6f 77 3a 66 75 6e 63 74 69 6f 6e 28 6a 29 7b 72 65 74 75
                                                                                                                                                                                                                                                                                      Data Ascii: hEvent("onload",b.ready);var j=false;try{j=E.frameElement==null}catch(s){}t.documentElement.doScroll&&j&&a()}}},isFunction:function(j){return b.type(j)==="function"},isArray:Array.isArray||function(j){return b.type(j)==="array"},isWindow:function(j){retu
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 70 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 6a 2c 73 2c 76 29 7b 76 61 72 20 7a 2c 48 3d 30 2c 47 3d 6a 2e 6c 65 6e 67 74 68 2c 4b 3d 47 3d 3d 3d 42 7c 7c 62 2e 69 73 46 75 6e 63 74 69 6f 6e 28 6a 29 3b 69 66 28 76 29 69 66 28 4b 29 66 6f 72 28 7a 20 69 6e 20 6a 29 7b 69 66 28 73 2e 61 70 70 6c 79 28 6a 5b 7a 5d 2c 76 29 3d 3d 3d 66 61 6c 73 65 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 3b 48 3c 47 3b 29 7b 69 66 28 73 2e 61 70 70 6c 79 28 6a 5b 48 2b 2b 5d 2c 76 29 3d 3d 3d 66 61 6c 73 65 29 62 72 65 61 6b 7d 65 6c 73 65 20 69 66 28 4b 29 66 6f 72 28 7a 20 69 6e 20 6a 29 7b 69 66 28 73 2e 63 61 6c 6c 28 6a 5b 7a 5d 2c 0a 7a 2c 6a 5b 7a 5d 29 3d 3d 3d 66 61 6c 73 65 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 76 3d
                                                                                                                                                                                                                                                                                      Data Ascii: perCase()},each:function(j,s,v){var z,H=0,G=j.length,K=G===B||b.isFunction(j);if(v)if(K)for(z in j){if(s.apply(j[z],v)===false)break}else for(;H<G;){if(s.apply(j[H++],v)===false)break}else if(K)for(z in j){if(s.call(j[z],z,j[z])===false)break}else for(v=
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 3a 66 75 6e 63 74 69 6f 6e 28 6a 2c 73 2c 76 2c 7a 2c 48 2c 47 29 7b 76 61 72 20 4b 3d 6a 2e 6c 65 6e 67 74 68 3b 69 66 28 74 79 70 65 6f 66 20 73 3d 3d 3d 22 6f 62 6a 65 63 74 22 29 7b 66 6f 72 28 76 61 72 20 51 20 69 6e 20 73 29 62 2e 61 63 63 65 73 73 28 6a 2c 51 2c 73 5b 51 5d 2c 7a 2c 48 2c 76 29 3b 72 65 74 75 72 6e 20 6a 7d 69 66 28 76 21 3d 3d 42 29 7b 7a 3d 21 47 26 26 7a 26 26 62 2e 69 73 46 75 6e 63 74 69 6f 6e 28 76 29 3b 66 6f 72 28 51 3d 30 3b 51 3c 4b 3b 51 2b 2b 29 48 28 6a 5b 51 5d 2c 73 2c 7a 3f 76 2e 63 61 6c 6c 28 6a 5b 51 5d 2c 51 2c 48 28 6a 5b 51 5d 2c 73 29 29 3a 76 2c 47 29 3b 72 65 74 75 72 6e 20 6a 7d 72 65 74 75 72 6e 20 4b 3f 48 28 6a 5b 30 5d 2c 73 29 3a 42 7d 2c 6e 6f 77 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e
                                                                                                                                                                                                                                                                                      Data Ascii: :function(j,s,v,z,H,G){var K=j.length;if(typeof s==="object"){for(var Q in s)b.access(j,Q,s[Q],z,H,v);return j}if(v!==B){z=!G&&z&&b.isFunction(v);for(Q=0;Q<K;Q++)H(j[Q],s,z?v.call(j[Q],Q,H(j[Q],s)):v,G);return j}return K?H(j[0],s):B},now:function(){return
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 54 61 67 4e 61 6d 65 28 22 61 22 29 5b 30 5d 2c 6c 3d 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 65 6c 65 63 74 22 29 2c 0a 6b 3d 6c 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6f 70 74 69 6f 6e 22 29 29 3b 69 66 28 21 28 21 66 7c 7c 21 66 2e 6c 65 6e 67 74 68 7c 7c 21 68 29 29 7b 63 2e 73 75 70 70 6f 72 74 3d 7b 6c 65 61 64 69 6e 67 57 68 69 74 65 73 70 61 63 65 3a 64 2e 66 69 72 73 74 43 68 69 6c 64 2e 6e 6f 64 65 54 79 70 65 3d 3d 3d 33 2c 74 62 6f 64 79 3a 21 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 74 62 6f 64 79 22 29 2e 6c 65 6e 67 74 68 2c 68 74 6d 6c 53 65 72 69 61 6c 69 7a 65 3a 21 21 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 6c
                                                                                                                                                                                                                                                                                      Data Ascii: TagName("a")[0],l=t.createElement("select"),k=l.appendChild(t.createElement("option"));if(!(!f||!f.length||!h)){c.support={leadingWhitespace:d.firstChild.nodeType===3,tbody:!d.getElementsByTagName("tbody").length,htmlSerialize:!!d.getElementsByTagName("l


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      22192.168.2.849758104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC597OUTGET /misc/jquery-extend-3.4.0.js?v=1.4.4 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC707INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:16 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 3415
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:41:50 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338366
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RnBrwZg%2FF%2B38RGM8q%2BF6Zw0rRz%2FEXqm2zyApu5nURsbYsvguFFCeUk2JmXcy8ML459kw8kLFd02thq3kfzlKRoC%2FGb9K5p1OZU9OGw3a6wsEBHs5pXY1pXvM7hZvmbx0PBt5QCLAsWwmlT5A3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165cd38888c0c-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC662INData Raw: 2f 2a 2a 0a 20 2a 20 46 6f 72 20 6a 51 75 65 72 79 20 76 65 72 73 69 6f 6e 73 20 6c 65 73 73 20 74 68 61 6e 20 33 2e 34 2e 30 2c 20 74 68 69 73 20 72 65 70 6c 61 63 65 73 20 74 68 65 20 6a 51 75 65 72 79 2e 65 78 74 65 6e 64 0a 20 2a 20 66 75 6e 63 74 69 6f 6e 20 77 69 74 68 20 74 68 65 20 6f 6e 65 20 66 72 6f 6d 20 6a 51 75 65 72 79 20 33 2e 34 2e 30 2c 20 73 6c 69 67 68 74 6c 79 20 6d 6f 64 69 66 69 65 64 20 28 64 6f 63 75 6d 65 6e 74 65 64 0a 20 2a 20 62 65 6c 6f 77 29 20 74 6f 20 62 65 20 63 6f 6d 70 61 74 69 62 6c 65 20 77 69 74 68 20 6f 6c 64 65 72 20 6a 51 75 65 72 79 20 76 65 72 73 69 6f 6e 73 20 61 6e 64 20 62 72 6f 77 73 65 72 73 2e 0a 20 2a 0a 20 2a 20 54 68 69 73 20 70 72 6f 76 69 64 65 73 20 74 68 65 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74
                                                                                                                                                                                                                                                                                      Data Ascii: /** * For jQuery versions less than 3.4.0, this replaces the jQuery.extend * function with the one from jQuery 3.4.0, slightly modified (documented * below) to be compatible with older jQuery versions and browsers. * * This provides the Object.protot
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 65 72 73 69 6f 6e 20 3d 20 70 61 72 73 65 49 6e 74 28 76 65 72 73 69 6f 6e 50 61 72 74 73 5b 30 5d 29 3b 0a 76 61 72 20 6d 69 6e 6f 72 56 65 72 73 69 6f 6e 20 3d 20 70 61 72 73 65 49 6e 74 28 76 65 72 73 69 6f 6e 50 61 72 74 73 5b 31 5d 29 3b 0a 76 61 72 20 70 61 74 63 68 56 65 72 73 69 6f 6e 20 3d 20 70 61 72 73 65 49 6e 74 28 76 65 72 73 69 6f 6e 50 61 72 74 73 5b 32 5d 29 3b 0a 76 61 72 20 69 73 50 72 65 52 65 6c 65 61 73 65 56 65 72 73 69 6f 6e 20 3d 20 28 70 61 74 63 68 56 65 72 73 69 6f 6e 2e 74 6f 53 74 72 69 6e 67 28 29 20 21 3d 3d 20 76 65 72 73 69 6f 6e 50 61 72 74 73 5b 32 5d 29 3b 0a 69 66 20 28 0a 20 20 28 6d 61 6a 6f 72 56 65 72 73 69 6f 6e 20 3e 20 33 29 20 7c 7c 0a 20 20 28 6d 61 6a 6f 72 56 65 72 73 69 6f 6e 20 3d 3d 3d 20 33 20 26 26 20
                                                                                                                                                                                                                                                                                      Data Ascii: ersion = parseInt(versionParts[0]);var minorVersion = parseInt(versionParts[1]);var patchVersion = parseInt(versionParts[2]);var isPreReleaseVersion = (patchVersion.toString() !== versionParts[2]);if ( (majorVersion > 3) || (majorVersion === 3 &&
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 20 7b 7d 3b 0a 20 20 7d 0a 0a 20 20 2f 2f 20 45 78 74 65 6e 64 20 6a 51 75 65 72 79 20 69 74 73 65 6c 66 20 69 66 20 6f 6e 6c 79 20 6f 6e 65 20 61 72 67 75 6d 65 6e 74 20 69 73 20 70 61 73 73 65 64 0a 20 20 69 66 20 28 20 69 20 3d 3d 3d 20 6c 65 6e 67 74 68 20 29 20 7b 0a 20 20 20 20 74 61 72 67 65 74 20 3d 20 74 68 69 73 3b 0a 20 20 20 20 69 2d 2d 3b 0a 20 20 7d 0a 0a 20 20 66 6f 72 20 28 20 3b 20 69 20 3c 20 6c 65 6e 67 74 68 3b 20 69 2b 2b 20 29 20 7b 0a 0a 20 20 20 20 2f 2f 20 4f 6e 6c 79 20 64 65 61 6c 20 77 69 74 68 20 6e 6f 6e 2d 6e 75 6c 6c 2f 75 6e 64 65 66 69 6e 65 64 20 76 61 6c 75 65 73 0a 20 20 20 20 69 66 20 28 20 28 20 6f 70 74 69 6f 6e 73 20 3d 20 61 72 67 75 6d 65 6e 74 73 5b 20 69 20 5d 20 29 20 21 3d 20 6e 75 6c 6c 20 29 20 7b 0a 0a 20
                                                                                                                                                                                                                                                                                      Data Ascii: {}; } // Extend jQuery itself if only one argument is passed if ( i === length ) { target = this; i--; } for ( ; i < length; i++ ) { // Only deal with non-null/undefined values if ( ( options = arguments[ i ] ) != null ) {
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC15INData Raw: 3b 0a 0a 7d 29 28 6a 51 75 65 72 79 29 3b 0a
                                                                                                                                                                                                                                                                                      Data Ascii: ;})(jQuery);


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      23192.168.2.849762104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC614OUTGET /misc/jquery-html-prefilter-3.5.0-backport.js?v=1.4.4 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC719INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:16 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 12629
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:42 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183134
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F183txat9l8ckp29aNJVWF7GUYP%2BYNX%2Brmc5f7FUPNgvqb%2BPZ83V13Hh8If%2B6%2B1Y6XjdgG18OwEg4EYMJF0jw1uU163S%2BO7q8zUCe%2Bn7Vsg1gz%2F8F2qpbzdpdI6xIdeSLUsz%2FZzNLyGtiUTPeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165cd2f184326-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC650INData Raw: 2f 2a 2a 0a 20 2a 20 46 6f 72 20 6a 51 75 65 72 79 20 76 65 72 73 69 6f 6e 73 20 6c 65 73 73 20 74 68 61 6e 20 33 2e 35 2e 30 2c 20 74 68 69 73 20 72 65 70 6c 61 63 65 73 20 74 68 65 20 6a 51 75 65 72 79 2e 68 74 6d 6c 50 72 65 66 69 6c 74 65 72 28 29 0a 20 2a 20 66 75 6e 63 74 69 6f 6e 20 77 69 74 68 20 6f 6e 65 20 74 68 61 74 20 66 69 78 65 73 20 74 68 65 73 65 20 73 65 63 75 72 69 74 79 20 76 75 6c 6e 65 72 61 62 69 6c 69 74 69 65 73 20 77 68 69 6c 65 20 61 6c 73 6f 0a 20 2a 20 72 65 74 61 69 6e 69 6e 67 20 74 68 65 20 70 72 65 2d 33 2e 35 2e 30 20 62 65 68 61 76 69 6f 72 20 77 68 65 72 65 20 69 74 27 73 20 73 61 66 65 20 74 6f 20 64 6f 20 73 6f 2e 0a 20 2a 20 2d 20 68 74 74 70 73 3a 2f 2f 63 76 65 2e 6d 69 74 72 65 2e 6f 72 67 2f 63 67 69 2d 62 69 6e
                                                                                                                                                                                                                                                                                      Data Ascii: /** * For jQuery versions less than 3.5.0, this replaces the jQuery.htmlPrefilter() * function with one that fixes these security vulnerabilities while also * retaining the pre-3.5.0 behavior where it's safe to do so. * - https://cve.mitre.org/cgi-bin
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 72 65 6e 74 20 76 65 72 73 69 6f 6e 2c 20 73 6f 20 74 68 69 73 20 63 6f 76 65 72 73 20 61 6c 6c 20 76 65 72 73 69 6f 6e 73 20 62 65 74 77 65 65 6e 20 31 2e 34 2e 34 20 61 6e 64 20 33 2e 34 2e 31 2e 0a 20 2a 20 54 68 65 20 47 69 74 48 75 62 20 6c 69 6e 6b 73 20 69 6e 20 74 68 65 20 63 6f 64 65 20 63 6f 6d 6d 65 6e 74 73 20 62 65 6c 6f 77 20 6c 69 6e 6b 20 74 6f 20 6a 51 75 65 72 79 20 31 2e 35 20 63 6f 64 65 2c 20 62 65 63 61 75 73 65 0a 20 2a 20 31 2e 34 2e 34 20 69 73 6e 27 74 20 6f 6e 20 47 69 74 48 75 62 2c 20 62 75 74 20 74 68 65 20 72 65 66 65 72 65 6e 63 65 64 20 63 6f 64 65 20 64 69 64 6e 27 74 20 63 68 61 6e 67 65 20 66 72 6f 6d 20 31 2e 34 2e 34 20 74 6f 0a 20 2a 20 31 2e 35 2e 0a 20 2a 2f 0a 0a 28 66 75 6e 63 74 69 6f 6e 20 28 6a 51 75 65 72 79
                                                                                                                                                                                                                                                                                      Data Ascii: rent version, so this covers all versions between 1.4.4 and 3.4.1. * The GitHub links in the code comments below link to jQuery 1.5 code, because * 1.4.4 isn't on GitHub, but the referenced code didn't change from 1.4.4 to * 1.5. */(function (jQuery
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 72 65 35 33 2f 44 4f 4d 50 75 72 69 66 79 2f 62 6c 6f 62 2f 32 2e 30 2e 31 31 2f 64 69 73 74 2f 70 75 72 69 66 79 2e 6a 73 23 4c 31 32 38 0a 20 20 2f 2f 20 2d 20 41 20 6e 6f 72 6d 61 6c 20 65 6c 65 6d 65 6e 74 20 28 6e 6f 74 20 61 20 76 6f 69 64 2c 20 74 65 6d 70 6c 61 74 65 2c 20 74 65 78 74 2c 20 6f 72 20 66 6f 72 65 69 67 6e 20 65 6c 65 6d 65 6e 74 29 2e 0a 20 20 2f 2f 20 20 20 40 73 65 65 20 68 74 74 70 73 3a 2f 2f 68 74 6d 6c 2e 73 70 65 63 2e 77 68 61 74 77 67 2e 6f 72 67 2f 6d 75 6c 74 69 70 61 67 65 2f 73 79 6e 74 61 78 2e 68 74 6d 6c 23 65 6c 65 6d 65 6e 74 73 2d 32 0a 20 20 2f 2f 20 2d 20 41 6e 20 65 6c 65 6d 65 6e 74 20 74 68 61 74 20 69 73 20 73 74 69 6c 6c 20 64 65 66 69 6e 65 64 20 62 79 20 74 68 65 20 63 75 72 72 65 6e 74 20 48 54 4d 4c 20
                                                                                                                                                                                                                                                                                      Data Ascii: re53/DOMPurify/blob/2.0.11/dist/purify.js#L128 // - A normal element (not a void, template, text, or foreign element). // @see https://html.spec.whatwg.org/multipage/syntax.html#elements-2 // - An element that is still defined by the current HTML
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 20 27 73 65 63 74 69 6f 6e 27 2c 20 27 73 65 6c 65 63 74 27 2c 20 27 73 6d 61 6c 6c 27 2c 20 27 73 6f 75 72 63 65 27 2c 20 27 73 70 61 6e 27 2c 0a 20 20 20 20 27 73 74 72 6f 6e 67 27 2c 20 27 73 75 62 27 2c 20 27 73 75 6d 6d 61 72 79 27 2c 20 27 73 75 70 27 2c 20 27 74 61 62 6c 65 27 2c 20 27 74 62 6f 64 79 27 2c 20 27 74 64 27 2c 20 27 74 66 6f 6f 74 27 2c 20 27 74 68 27 2c 0a 20 20 20 20 27 74 68 65 61 64 27 2c 20 27 74 69 6d 65 27 2c 20 27 74 72 27 2c 20 27 75 27 2c 20 27 75 6c 27 2c 20 27 76 61 72 27 2c 20 27 76 69 64 65 6f 27 0a 20 20 5d 3b 0a 0a 20 20 2f 2f 20 44 65 66 69 6e 65 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 73 20 66 6f 72 20 3c 54 41 47 2f 3e 20 61 6e 64 20 3c 54 41 47 20 41 54 54 52 49 42 55 54 45 53 2f 3e 2e 20 44 6f 69
                                                                                                                                                                                                                                                                                      Data Ascii: 'section', 'select', 'small', 'source', 'span', 'strong', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'time', 'tr', 'u', 'ul', 'var', 'video' ]; // Define regular expressions for <TAG/> and <TAG ATTRIBUTES/>. Doi
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 0a 20 20 76 61 72 20 72 74 61 67 4e 61 6d 65 3b 0a 20 20 69 66 20 28 6d 61 6a 6f 72 56 65 72 73 69 6f 6e 20 3c 20 33 29 20 7b 0a 20 20 20 20 72 74 61 67 4e 61 6d 65 20 3d 20 2f 3c 28 5b 5c 77 3a 5d 2b 29 2f 3b 0a 20 20 7d 0a 20 20 65 6c 73 65 20 69 66 20 28 6d 69 6e 6f 72 56 65 72 73 69 6f 6e 20 3c 20 34 29 20 7b 0a 20 20 20 20 72 74 61 67 4e 61 6d 65 20 3d 20 2f 3c 28 5b 61 2d 7a 5d 5b 5e 5c 2f 5c 30 3e 5c 78 32 30 5c 74 5c 72 5c 6e 5c 66 5d 2b 29 2f 69 3b 0a 20 20 7d 0a 20 20 65 6c 73 65 20 7b 0a 20 20 20 20 72 74 61 67 4e 61 6d 65 20 3d 20 2f 3c 28 5b 61 2d 7a 5d 5b 5e 5c 2f 5c 30 3e 5c 78 32 30 5c 74 5c 72 5c 6e 5c 66 5d 2a 29 2f 69 3b 0a 20 20 7d 0a 0a 20 20 2f 2f 20 54 68 65 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 20 74 68 61 74 20
                                                                                                                                                                                                                                                                                      Data Ascii: var rtagName; if (majorVersion < 3) { rtagName = /<([\w:]+)/; } else if (minorVersion < 4) { rtagName = /<([a-z][^\/\0>\x20\t\r\n\f]+)/i; } else { rtagName = /<([a-z][^\/\0>\x20\t\r\n\f]*)/i; } // The regular expression that
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 69 6e 67 2e 0a 20 20 20 20 20 20 2f 2f 20 40 73 65 65 20 68 74 74 70 73 3a 2f 2f 63 76 65 2e 6d 69 74 72 65 2e 6f 72 67 2f 63 67 69 2d 62 69 6e 2f 63 76 65 6e 61 6d 65 2e 63 67 69 3f 6e 61 6d 65 3d 43 56 45 2d 32 30 32 30 2d 31 31 30 32 33 0a 20 20 20 20 20 20 69 66 20 28 28 74 61 67 20 3d 3d 3d 20 27 6f 70 74 69 6f 6e 27 20 7c 7c 20 74 61 67 20 3d 3d 3d 20 27 6f 70 74 67 72 6f 75 70 27 29 20 26 26 20 68 74 6d 6c 2e 6d 61 74 63 68 28 2f 3c 5c 2f 3f 73 65 6c 65 63 74 2f 69 29 29 20 7b 0a 20 20 20 20 20 20 20 20 68 74 6d 6c 20 3d 20 27 27 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 2f 2f 20 52 65 74 61 69 6e 20 6a 51 75 65 72 79 27 73 20 70 72 69 6f 72 20 74 6f 20 33 2e 35 20 63 6f 6e 76 65 72 73 69 6f 6e 20 6f 66 20 70 73 65 75 64 6f 2d 58 48 54 4d
                                                                                                                                                                                                                                                                                      Data Ascii: ing. // @see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023 if ((tag === 'option' || tag === 'optgroup') && html.match(/<\/?select/i)) { html = ''; } // Retain jQuery's prior to 3.5 conversion of pseudo-XHTM
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 45 76 65 6e 20 74 68 6f 75 67 68 20 68 74 6d 6c 52 69 73 6b 79 20 61 6e 64 20 68 74 6d 6c 20 61 72 65 20 64 69 66 66 65 72 65 6e 74 20 73 74 72 69 6e 67 73 2c 20 74 68 65 79 20 6d 69 67 68 74 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 72 65 70 72 65 73 65 6e 74 20 74 68 65 20 73 61 6d 65 20 48 54 4d 4c 20 73 74 72 75 63 74 75 72 65 20 6f 6e 63 65 20 70 61 72 73 65 64 2c 20 69 6e 20 77 68 69 63 68 20 63 61 73 65 2c 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 68 74 6d 6c 52 69 73 6b 79 20 69 73 20 61 63 74 75 61 6c 6c 79 20 73 61 66 65 2e 20 57 65 20 63 61 6e 20 61 73 6b 20 74 68 65 20 62 72 6f 77 73 65 72 20 74 6f 20 70 61 72 73 65 20 62 6f 74 68 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 74 6f 20 66 69 6e 64 20 6f 75 74 2c 20 62 75 74 20 74 68 65 20 62 72 6f
                                                                                                                                                                                                                                                                                      Data Ascii: Even though htmlRisky and html are different strings, they might // represent the same HTML structure once parsed, in which case, // htmlRisky is actually safe. We can ask the browser to parse both // to find out, but the bro
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 20 20 20 20 20 20 20 20 7d 3b 0a 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 46 75 6e 63 74 69 6f 6e 20 74 6f 20 72 65 74 75 72 6e 20 63 61 6e 6f 6e 69 63 61 6c 20 48 54 4d 4c 20 61 66 74 65 72 20 70 61 72 73 69 6e 67 20 69 74 2e 20 54 68 69 73 20 70 61 72 73 65 73 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 6f 6e 6c 79 3b 20 69 74 20 64 6f 65 73 6e 27 74 20 65 78 65 63 75 74 65 20 73 63 72 69 70 74 73 2e 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 40 73 65 65 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6a 71 75 65 72 79 2f 6a 71 75 65 72 79 2d 6d 69 67 72 61 74 65 2f 62 6c 6f 62 2f 33 2e 33 2e 30 2f 73 72 63 2f 6a 71 75 65 72 79 2f 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 2e 6a 73 23 4c 35 0a 20 20 20 20 20 20 20 20 20 20 76 61 72 20 67 65 74 50 61
                                                                                                                                                                                                                                                                                      Data Ascii: }; // Function to return canonical HTML after parsing it. This parses // only; it doesn't execute scripts. // @see https://github.com/jquery/jquery-migrate/blob/3.3.0/src/jquery/manipulation.js#L5 var getPa
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 6f 6d 2f 6a 71 75 65 72 79 2f 6a 71 75 65 72 79 2f 62 6c 6f 62 2f 31 2e 35 2f 6a 71 75 65 72 79 2e 6a 73 23 4c 35 31 34 37 0a 20 20 20 20 20 20 68 74 6d 6c 3a 20 66 75 6e 63 74 69 6f 6e 20 28 76 61 6c 75 65 29 20 7b 0a 20 20 20 20 20 20 20 20 69 66 20 28 74 79 70 65 6f 66 20 76 61 6c 75 65 20 3d 3d 3d 20 22 73 74 72 69 6e 67 22 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 76 61 6c 75 65 20 3d 20 6a 51 75 65 72 79 2e 68 74 6d 6c 50 72 65 66 69 6c 74 65 72 28 76 61 6c 75 65 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2f 2f 20 2e 68 74 6d 6c 28 29 20 63 61 6e 20 62 65 20 63 61 6c 6c 65 64 20 61 73 20 61 20 73 65 74 74 65 72 20 28 77 69 74 68 20 61 6e 20 61 72 67 75 6d 65 6e 74 29 20 6f 72 20 61 73 20 61 20 67 65 74 74 65 72 0a 20 20 20 20 20
                                                                                                                                                                                                                                                                                      Data Ascii: om/jquery/jquery/blob/1.5/jquery.js#L5147 html: function (value) { if (typeof value === "string") { value = jQuery.htmlPrefilter(value); } // .html() can be called as a setter (with an argument) or as a getter
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1027INData Raw: 74 73 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 66 6f 72 20 28 20 76 61 72 20 69 20 3d 20 30 2c 20 65 6c 65 6d 3b 20 28 65 6c 65 6d 20 3d 20 65 6c 65 6d 73 5b 69 5d 29 20 21 3d 20 6e 75 6c 6c 3b 20 69 2b 2b 20 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 20 74 79 70 65 6f 66 20 65 6c 65 6d 20 3d 3d 3d 20 22 73 74 72 69 6e 67 22 20 26 26 20 72 68 74 6d 6c 2e 74 65 73 74 28 20 65 6c 65 6d 20 29 20 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 65 6c 65 6d 73 5b 69 5d 20 3d 20 65 6c 65 6d 20 3d 20 6a 51 75 65 72 79 2e 68 74 6d 6c 50 72 65 66 69 6c 74 65 72 28 65 6c 65 6d 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 6f 72 69 67 69 6e 61 6c 43 6c
                                                                                                                                                                                                                                                                                      Data Ascii: ts) { for ( var i = 0, elem; (elem = elems[i]) != null; i++ ) { if ( typeof elem === "string" && rhtml.test( elem ) ) { elems[i] = elem = jQuery.htmlPrefilter(elem); } } return originalCl


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      24192.168.2.849763104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC587OUTGET /misc/jquery.once.js?v=1.2 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC704INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:16 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 2974
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:42 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183134
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5LA3ihXnz5e6btAu6ac4YzKSSJktCYTNA%2Bymi4cB3asFX0FzjutmVVYZiQ4N0wqNFNz97S4gVHyBb57WwajHA6cspnZe7zlWiUPt8WdeBVJv2vUhZCYp%2BgiznVfSTXJLp44KR9ox%2F05g4JZfmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165cd7be2433e-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC665INData Raw: 0a 2f 2a 2a 0a 20 2a 20 6a 51 75 65 72 79 20 4f 6e 63 65 20 50 6c 75 67 69 6e 20 76 31 2e 32 0a 20 2a 20 68 74 74 70 3a 2f 2f 70 6c 75 67 69 6e 73 2e 6a 71 75 65 72 79 2e 63 6f 6d 2f 70 72 6f 6a 65 63 74 2f 6f 6e 63 65 0a 20 2a 0a 20 2a 20 44 75 61 6c 20 6c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 61 6e 64 20 47 50 4c 20 6c 69 63 65 6e 73 65 73 3a 0a 20 2a 20 20 20 68 74 74 70 3a 2f 2f 77 77 77 2e 6f 70 65 6e 73 6f 75 72 63 65 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 6d 69 74 2d 6c 69 63 65 6e 73 65 2e 70 68 70 0a 20 2a 20 20 20 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6e 75 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 67 70 6c 2e 68 74 6d 6c 0a 20 2a 2f 0a 0a 28 66 75 6e 63 74 69 6f 6e 20 28 24 29 20 7b 0a 20 20 76 61 72 20 63 61 63 68
                                                                                                                                                                                                                                                                                      Data Ascii: /** * jQuery Once Plugin v1.2 * http://plugins.jquery.com/project/once * * Dual licensed under the MIT and GPL licenses: * http://www.opensource.org/licenses/mit-license.php * http://www.gnu.org/licenses/gpl.html */(function ($) { var cach
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC1369INData Raw: 69 74 20 77 69 6c 6c 20 62 65 20 70 61 73 73 65 64 20 6f 66 66 20 74 6f 20 74 68 65 20 66 6e 0a 20 20 20 2a 20 20 20 70 61 72 61 6d 65 74 65 72 20 61 6e 64 20 74 68 65 20 69 64 20 77 69 6c 6c 20 62 65 63 6f 6d 65 20 61 20 75 6e 69 71 75 65 20 69 64 65 6e 74 69 66 69 65 72 2c 20 72 65 70 72 65 73 65 6e 74 65 64 20 61 73 20 61 0a 20 20 20 2a 20 20 20 6e 75 6d 62 65 72 2e 0a 20 20 20 2a 0a 20 20 20 2a 20 20 20 57 68 65 6e 20 74 68 65 20 69 64 20 69 73 20 6e 65 69 74 68 65 72 20 61 20 73 74 72 69 6e 67 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 2c 20 69 74 20 62 65 63 6f 6d 65 73 20 61 20 75 6e 69 71 75 65 0a 20 20 20 2a 20 20 20 69 64 65 6e 74 69 66 69 65 72 2c 20 64 65 70 69 63 74 65 64 20 61 73 20 61 20 6e 75 6d 62 65 72 2e 20 54 68 65 20 65 6c 65 6d 65 6e
                                                                                                                                                                                                                                                                                      Data Ascii: it will be passed off to the fn * parameter and the id will become a unique identifier, represented as a * number. * * When the id is neither a string or a function, it becomes a unique * identifier, depicted as a number. The elemen
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:16 UTC940INData Raw: 20 20 2f 2a 2a 0a 20 20 20 2a 20 46 69 6c 74 65 72 73 20 65 6c 65 6d 65 6e 74 73 20 74 68 61 74 20 68 61 76 65 20 62 65 65 6e 20 70 72 6f 63 65 73 73 65 64 20 6f 6e 63 65 20 61 6c 72 65 61 64 79 2e 0a 20 20 20 2a 0a 20 20 20 2a 20 40 70 61 72 61 6d 20 69 64 0a 20 20 20 2a 20 20 20 41 20 72 65 71 75 69 72 65 64 20 73 74 72 69 6e 67 20 72 65 70 72 65 73 65 6e 74 69 6e 67 20 74 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 63 6c 61 73 73 20 77 68 69 63 68 20 73 68 6f 75 6c 64 20 62 65 20 75 73 65 64 0a 20 20 20 2a 20 20 20 77 68 65 6e 20 66 69 6c 74 65 72 69 6e 67 20 74 68 65 20 65 6c 65 6d 65 6e 74 73 2e 20 54 68 69 73 20 6f 6e 6c 79 20 66 69 6c 74 65 72 73 20 65 6c 65 6d 65 6e 74 73 20 74 68 61 74 20 68 61 76 65 20 61 6c 72 65 61 64 79 0a 20 20 20 2a 20 20
                                                                                                                                                                                                                                                                                      Data Ascii: /** * Filters elements that have been processed once already. * * @param id * A required string representing the name of the class which should be used * when filtering the elements. This only filters elements that have already *


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      25192.168.2.849777104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC583OUTGET /misc/drupal.js?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC703INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:17 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 20611
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:42 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183135
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zFzOUPG935eV7e8ENPJ1nyYULebGVDopilhnO7McXSHsYBMKtfqgOoknTPSUyJiFm7nhy57uNeqB46Rs%2FvuNib%2Fevnyx5qSvD9fFb7PSYHTKsg2jdplfXKHGO1usqcWaspCtWcLoScpGj5D3iw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165d3d8b58c0b-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC666INData Raw: 0a 76 61 72 20 44 72 75 70 61 6c 20 3d 20 44 72 75 70 61 6c 20 7c 7c 20 7b 20 27 73 65 74 74 69 6e 67 73 27 3a 20 7b 7d 2c 20 27 62 65 68 61 76 69 6f 72 73 27 3a 20 7b 7d 2c 20 27 6c 6f 63 61 6c 65 27 3a 20 7b 7d 20 7d 3b 0a 0a 2f 2f 20 41 6c 6c 6f 77 20 6f 74 68 65 72 20 4a 61 76 61 53 63 72 69 70 74 20 6c 69 62 72 61 72 69 65 73 20 74 6f 20 75 73 65 20 24 2e 0a 6a 51 75 65 72 79 2e 6e 6f 43 6f 6e 66 6c 69 63 74 28 29 3b 0a 0a 28 66 75 6e 63 74 69 6f 6e 20 28 24 29 20 7b 0a 0a 2f 2a 2a 0a 20 2a 20 4f 76 65 72 72 69 64 65 20 6a 51 75 65 72 79 2e 66 6e 2e 69 6e 69 74 20 74 6f 20 67 75 61 72 64 20 61 67 61 69 6e 73 74 20 58 53 53 20 61 74 74 61 63 6b 73 2e 0a 20 2a 0a 20 2a 20 53 65 65 20 68 74 74 70 3a 2f 2f 62 75 67 73 2e 6a 71 75 65 72 79 2e 63 6f 6d 2f
                                                                                                                                                                                                                                                                                      Data Ascii: var Drupal = Drupal || { 'settings': {}, 'behaviors': {}, 'locale': {} };// Allow other JavaScript libraries to use $.jQuery.noConflict();(function ($) {/** * Override jQuery.fn.init to guard against XSS attacks. * * See http://bugs.jquery.com/
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 77 20 27 53 79 6e 74 61 78 20 65 72 72 6f 72 2c 20 75 6e 72 65 63 6f 67 6e 69 7a 65 64 20 65 78 70 72 65 73 73 69 6f 6e 3a 20 27 20 2b 20 73 65 6c 65 63 74 6f 72 3b 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 20 20 7d 0a 20 20 72 65 74 75 72 6e 20 6a 71 75 65 72 79 5f 69 6e 69 74 2e 63 61 6c 6c 28 74 68 69 73 2c 20 73 65 6c 65 63 74 6f 72 2c 20 63 6f 6e 74 65 78 74 2c 20 72 6f 6f 74 6a 51 75 65 72 79 29 3b 0a 7d 3b 0a 24 2e 66 6e 2e 69 6e 69 74 2e 70 72 6f 74 6f 74 79 70 65 20 3d 20 6a 71 75 65 72 79 5f 69 6e 69 74 2e 70 72 6f 74 6f 74 79 70 65 3b 0a 0a 2f 2a 2a 0a 20 2a 20 50 72 65 2d 66 69 6c 74 65 72 20 41 6a 61 78 20 72 65 71 75 65 73 74 73 20 74 6f 20 67 75 61 72 64 20 61 67 61 69 6e 73 74 20 58 53 53 20 61 74 74 61 63 6b 73 2e 0a 20 2a 0a 20 2a 20
                                                                                                                                                                                                                                                                                      Data Ascii: w 'Syntax error, unrecognized expression: ' + selector; } } } return jquery_init.call(this, selector, context, rootjQuery);};$.fn.init.prototype = jquery_init.prototype;/** * Pre-filter Ajax requests to guard against XSS attacks. * *
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 20 7d 0a 20 20 20 20 72 65 74 75 72 6e 20 6a 71 75 65 72 79 5f 68 74 74 70 44 61 74 61 2e 63 61 6c 6c 28 74 68 69 73 2c 20 78 68 72 2c 20 74 79 70 65 2c 20 73 29 3b 0a 20 20 7d 3b 0a 20 20 24 2e 68 74 74 70 44 61 74 61 2e 70 72 6f 74 6f 74 79 70 65 20 3d 20 6a 71 75 65 72 79 5f 68 74 74 70 44 61 74 61 2e 70 72 6f 74 6f 74 79 70 65 3b 0a 7d 0a 0a 2f 2a 2a 0a 20 2a 20 41 74 74 61 63 68 20 61 6c 6c 20 72 65 67 69 73 74 65 72 65 64 20 62 65 68 61 76 69 6f 72 73 20 74 6f 20 61 20 70 61 67 65 20 65 6c 65 6d 65 6e 74 2e 0a 20 2a 0a 20 2a 20 42 65 68 61 76 69 6f 72 73 20 61 72 65 20 65 76 65 6e 74 2d 74 72 69 67 67 65 72 65 64 20 61 63 74 69 6f 6e 73 20 74 68 61 74 20 61 74 74 61 63 68 20 74 6f 20 70 61 67 65 20 65 6c 65 6d 65 6e 74 73 2c 20 65 6e 68 61 6e 63 69
                                                                                                                                                                                                                                                                                      Data Ascii: } return jquery_httpData.call(this, xhr, type, s); }; $.httpData.prototype = jquery_httpData.prototype;}/** * Attach all registered behaviors to a page element. * * Behaviors are event-triggered actions that attach to page elements, enhanci
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 63 68 20 62 65 68 61 76 69 6f 72 73 20 74 6f 2e 20 49 66 20 6e 6f 6e 65 20 69 73 20 67 69 76 65 6e 2c 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 65 6c 65 6d 65 6e 74 0a 20 2a 20 20 20 69 73 20 75 73 65 64 2e 0a 20 2a 20 40 70 61 72 61 6d 20 73 65 74 74 69 6e 67 73 0a 20 2a 20 20 20 41 6e 20 6f 62 6a 65 63 74 20 63 6f 6e 74 61 69 6e 69 6e 67 20 73 65 74 74 69 6e 67 73 20 66 6f 72 20 74 68 65 20 63 75 72 72 65 6e 74 20 63 6f 6e 74 65 78 74 2e 20 49 66 20 6e 6f 6e 65 20 67 69 76 65 6e 2c 20 74 68 65 0a 20 2a 20 20 20 67 6c 6f 62 61 6c 20 44 72 75 70 61 6c 2e 73 65 74 74 69 6e 67 73 20 6f 62 6a 65 63 74 20 69 73 20 75 73 65 64 2e 0a 20 2a 2f 0a 44 72 75 70 61 6c 2e 61 74 74 61 63 68 42 65 68 61 76 69 6f 72 73 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 63 6f 6e 74
                                                                                                                                                                                                                                                                                      Data Ascii: ch behaviors to. If none is given, the document element * is used. * @param settings * An object containing settings for the current context. If none given, the * global Drupal.settings object is used. */Drupal.attachBehaviors = function (cont
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 74 27 73 20 63 61 75 73 69 6e 67 20 74 68 65 20 62 65 68 61 76 69 6f 72 73 20 74 6f 20 62 65 20 64 65 74 61 63 68 65 64 2e 20 54 68 65 0a 20 2a 20 20 20 70 6f 73 73 69 62 6c 65 20 74 72 69 67 67 65 72 73 20 61 72 65 3a 0a 20 2a 20 20 20 2d 20 75 6e 6c 6f 61 64 3a 20 28 64 65 66 61 75 6c 74 29 20 54 68 65 20 63 6f 6e 74 65 78 74 20 65 6c 65 6d 65 6e 74 20 69 73 20 62 65 69 6e 67 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 74 68 65 20 44 4f 4d 2e 0a 20 2a 20 20 20 2d 20 6d 6f 76 65 3a 20 54 68 65 20 65 6c 65 6d 65 6e 74 20 69 73 20 61 62 6f 75 74 20 74 6f 20 62 65 20 6d 6f 76 65 64 20 77 69 74 68 69 6e 20 74 68 65 20 44 4f 4d 20 28 66 6f 72 20 65 78 61 6d 70 6c 65 2c 0a 20 2a 20 20 20 20 20 64 75 72 69 6e 67 20 61 20 74 61 62 6c 65 64 72 61 67 20 72 6f 77 20
                                                                                                                                                                                                                                                                                      Data Ascii: t's causing the behaviors to be detached. The * possible triggers are: * - unload: (default) The context element is being removed from the DOM. * - move: The element is about to be moved within the DOM (for example, * during a tabledrag row
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 66 20 28 24 2e 69 73 46 75 6e 63 74 69 6f 6e 28 74 68 69 73 2e 64 65 74 61 63 68 29 29 20 7b 0a 20 20 20 20 20 20 74 68 69 73 2e 64 65 74 61 63 68 28 63 6f 6e 74 65 78 74 2c 20 73 65 74 74 69 6e 67 73 2c 20 74 72 69 67 67 65 72 29 3b 0a 20 20 20 20 7d 0a 20 20 7d 29 3b 0a 7d 3b 0a 0a 2f 2a 2a 0a 20 2a 20 45 6e 63 6f 64 65 20 73 70 65 63 69 61 6c 20 63 68 61 72 61 63 74 65 72 73 20 69 6e 20 61 20 70 6c 61 69 6e 2d 74 65 78 74 20 73 74 72 69 6e 67 20 66 6f 72 20 64 69 73 70 6c 61 79 20 61 73 20 48 54 4d 4c 2e 0a 20 2a 0a 20 2a 20 40 69 6e 67 72 6f 75 70 20 73 61 6e 69 74 69 7a 61 74 69 6f 6e 0a 20 2a 2f 0a 44 72 75 70 61 6c 2e 63 68 65 63 6b 50 6c 61 69 6e 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 73 74 72 29 20 7b 0a 20 20 76 61 72 20 63 68 61 72 61 63 74 65
                                                                                                                                                                                                                                                                                      Data Ascii: f ($.isFunction(this.detach)) { this.detach(context, settings, trigger); } });};/** * Encode special characters in a plain-text string for display as HTML. * * @ingroup sanitization */Drupal.checkPlain = function (str) { var characte
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 79 2e 63 68 61 72 41 74 28 30 29 29 20 7b 0a 20 20 20 20 20 20 20 20 2f 2f 20 45 73 63 61 70 65 64 20 6f 6e 6c 79 2e 0a 20 20 20 20 20 20 20 20 63 61 73 65 20 27 40 27 3a 0a 20 20 20 20 20 20 20 20 20 20 61 72 67 73 5b 6b 65 79 5d 20 3d 20 44 72 75 70 61 6c 2e 63 68 65 63 6b 50 6c 61 69 6e 28 61 72 67 73 5b 6b 65 79 5d 29 3b 0a 20 20 20 20 20 20 20 20 20 20 62 72 65 61 6b 3b 0a 20 20 20 20 20 20 20 20 2f 2f 20 50 61 73 73 2d 74 68 72 6f 75 67 68 2e 0a 20 20 20 20 20 20 20 20 63 61 73 65 20 27 21 27 3a 0a 20 20 20 20 20 20 20 20 20 20 62 72 65 61 6b 3b 0a 20 20 20 20 20 20 20 20 2f 2f 20 45 73 63 61 70 65 64 20 61 6e 64 20 70 6c 61 63 65 68 6f 6c 64 65 72 2e 0a 20 20 20 20 20 20 20 20 64 65 66 61 75 6c 74 3a 0a 20 20 20 20 20 20 20 20 20 20 61 72 67 73 5b
                                                                                                                                                                                                                                                                                      Data Ascii: y.charAt(0)) { // Escaped only. case '@': args[key] = Drupal.checkPlain(args[key]); break; // Pass-through. case '!': break; // Escaped and placeholder. default: args[
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 76 61 72 20 66 72 61 67 6d 65 6e 74 73 20 3d 20 73 74 72 2e 73 70 6c 69 74 28 6b 65 79 29 3b 0a 0a 20 20 69 66 20 28 6b 65 79 73 2e 6c 65 6e 67 74 68 29 20 7b 0a 20 20 20 20 66 6f 72 20 28 76 61 72 20 69 20 3d 20 30 3b 20 69 20 3c 20 66 72 61 67 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 20 69 2b 2b 29 20 7b 0a 20 20 20 20 20 20 2f 2f 20 50 72 6f 63 65 73 73 20 65 61 63 68 20 66 72 61 67 6d 65 6e 74 20 77 69 74 68 20 61 20 63 6f 70 79 20 6f 66 20 72 65 6d 61 69 6e 69 6e 67 20 6b 65 79 73 2e 0a 20 20 20 20 20 20 66 72 61 67 6d 65 6e 74 73 5b 69 5d 20 3d 20 44 72 75 70 61 6c 2e 73 74 72 69 6e 67 52 65 70 6c 61 63 65 28 66 72 61 67 6d 65 6e 74 73 5b 69 5d 2c 20 61 72 67 73 2c 20 6b 65 79 73 2e 73 6c 69 63 65 28 30 29 29 3b 0a 20 20 20 20 7d 0a 20 20 7d 0a 0a 20
                                                                                                                                                                                                                                                                                      Data Ascii: var fragments = str.split(key); if (keys.length) { for (var i = 0; i < fragments.length; i++) { // Process each fragment with a copy of remaining keys. fragments[i] = Drupal.stringReplace(fragments[i], args, keys.slice(0)); } }
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 20 65 6e 73 75 72 65 73 20 74 68 61 74 20 74 68 65 20 73 74 72 69 6e 67 20 69 73 20 70 6c 75 72 61 6c 69 7a 65 64 20 63 6f 72 72 65 63 74 6c 79 2e 20 53 69 6e 63 65 20 44 72 75 70 61 6c 2e 74 28 29 20 69 73 0a 20 2a 20 63 61 6c 6c 65 64 20 62 79 20 74 68 69 73 20 66 75 6e 63 74 69 6f 6e 2c 20 6d 61 6b 65 20 73 75 72 65 20 6e 6f 74 20 74 6f 20 70 61 73 73 20 61 6c 72 65 61 64 79 2d 6c 6f 63 61 6c 69 7a 65 64 20 73 74 72 69 6e 67 73 20 74 6f 20 69 74 2e 0a 20 2a 0a 20 2a 20 53 65 65 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 73 65 72 76 65 72 2d 73 69 64 65 20 66 6f 72 6d 61 74 5f 70 6c 75 72 61 6c 28 29 20 66 75 6e 63 74 69 6f 6e 20 66 6f 72 20 66 75 72 74 68 65 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 0a 20 2a 20 40 70 61
                                                                                                                                                                                                                                                                                      Data Ascii: ensures that the string is pluralized correctly. Since Drupal.t() is * called by this function, make sure not to pass already-localized strings to it. * * See the documentation of the server-side format_plural() function for further details. * * @pa
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 61 6c 2e 6c 6f 63 61 6c 65 2e 70 6c 75 72 61 6c 46 6f 72 6d 75 6c 61 28 61 72 67 73 5b 27 40 63 6f 75 6e 74 27 5d 29 20 3a 20 28 28 61 72 67 73 5b 27 40 63 6f 75 6e 74 27 5d 20 3d 3d 20 31 29 20 3f 20 30 20 3a 20 31 29 3b 0a 0a 20 20 69 66 20 28 69 6e 64 65 78 20 3d 3d 20 30 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 44 72 75 70 61 6c 2e 74 28 73 69 6e 67 75 6c 61 72 2c 20 61 72 67 73 2c 20 6f 70 74 69 6f 6e 73 29 3b 0a 20 20 7d 0a 20 20 65 6c 73 65 20 69 66 20 28 69 6e 64 65 78 20 3d 3d 20 31 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 44 72 75 70 61 6c 2e 74 28 70 6c 75 72 61 6c 2c 20 61 72 67 73 2c 20 6f 70 74 69 6f 6e 73 29 3b 0a 20 20 7d 0a 20 20 65 6c 73 65 20 7b 0a 20 20 20 20 61 72 67 73 5b 27 40 63 6f 75 6e 74 5b 27 20 2b 20 69 6e 64 65 78 20
                                                                                                                                                                                                                                                                                      Data Ascii: al.locale.pluralFormula(args['@count']) : ((args['@count'] == 1) ? 0 : 1); if (index == 0) { return Drupal.t(singular, args, options); } else if (index == 1) { return Drupal.t(plural, args, options); } else { args['@count[' + index


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      26192.168.2.849776104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC385OUTGET /misc/jquery-extend-3.4.0.js?v=1.4.4 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC705INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:17 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 3415
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:41:50 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338367
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NYYn%2FtmFmtlMIYkROTldbcLDgak8FzNuukisbgNhSx6Evg2fzGwCBZbHDifGoAyokvXFb%2BAlaCo1VZHZ2KBQVr%2F0nBMhOyVTmR2JSo0VBc6C%2FXR55jvN9SVMrA53Ow63L75aIha3ajDy1vQoXA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165d3da3542a5-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC664INData Raw: 2f 2a 2a 0a 20 2a 20 46 6f 72 20 6a 51 75 65 72 79 20 76 65 72 73 69 6f 6e 73 20 6c 65 73 73 20 74 68 61 6e 20 33 2e 34 2e 30 2c 20 74 68 69 73 20 72 65 70 6c 61 63 65 73 20 74 68 65 20 6a 51 75 65 72 79 2e 65 78 74 65 6e 64 0a 20 2a 20 66 75 6e 63 74 69 6f 6e 20 77 69 74 68 20 74 68 65 20 6f 6e 65 20 66 72 6f 6d 20 6a 51 75 65 72 79 20 33 2e 34 2e 30 2c 20 73 6c 69 67 68 74 6c 79 20 6d 6f 64 69 66 69 65 64 20 28 64 6f 63 75 6d 65 6e 74 65 64 0a 20 2a 20 62 65 6c 6f 77 29 20 74 6f 20 62 65 20 63 6f 6d 70 61 74 69 62 6c 65 20 77 69 74 68 20 6f 6c 64 65 72 20 6a 51 75 65 72 79 20 76 65 72 73 69 6f 6e 73 20 61 6e 64 20 62 72 6f 77 73 65 72 73 2e 0a 20 2a 0a 20 2a 20 54 68 69 73 20 70 72 6f 76 69 64 65 73 20 74 68 65 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74
                                                                                                                                                                                                                                                                                      Data Ascii: /** * For jQuery versions less than 3.4.0, this replaces the jQuery.extend * function with the one from jQuery 3.4.0, slightly modified (documented * below) to be compatible with older jQuery versions and browsers. * * This provides the Object.protot
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 73 69 6f 6e 20 3d 20 70 61 72 73 65 49 6e 74 28 76 65 72 73 69 6f 6e 50 61 72 74 73 5b 30 5d 29 3b 0a 76 61 72 20 6d 69 6e 6f 72 56 65 72 73 69 6f 6e 20 3d 20 70 61 72 73 65 49 6e 74 28 76 65 72 73 69 6f 6e 50 61 72 74 73 5b 31 5d 29 3b 0a 76 61 72 20 70 61 74 63 68 56 65 72 73 69 6f 6e 20 3d 20 70 61 72 73 65 49 6e 74 28 76 65 72 73 69 6f 6e 50 61 72 74 73 5b 32 5d 29 3b 0a 76 61 72 20 69 73 50 72 65 52 65 6c 65 61 73 65 56 65 72 73 69 6f 6e 20 3d 20 28 70 61 74 63 68 56 65 72 73 69 6f 6e 2e 74 6f 53 74 72 69 6e 67 28 29 20 21 3d 3d 20 76 65 72 73 69 6f 6e 50 61 72 74 73 5b 32 5d 29 3b 0a 69 66 20 28 0a 20 20 28 6d 61 6a 6f 72 56 65 72 73 69 6f 6e 20 3e 20 33 29 20 7c 7c 0a 20 20 28 6d 61 6a 6f 72 56 65 72 73 69 6f 6e 20 3d 3d 3d 20 33 20 26 26 20 6d 69
                                                                                                                                                                                                                                                                                      Data Ascii: sion = parseInt(versionParts[0]);var minorVersion = parseInt(versionParts[1]);var patchVersion = parseInt(versionParts[2]);var isPreReleaseVersion = (patchVersion.toString() !== versionParts[2]);if ( (majorVersion > 3) || (majorVersion === 3 && mi
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 7d 3b 0a 20 20 7d 0a 0a 20 20 2f 2f 20 45 78 74 65 6e 64 20 6a 51 75 65 72 79 20 69 74 73 65 6c 66 20 69 66 20 6f 6e 6c 79 20 6f 6e 65 20 61 72 67 75 6d 65 6e 74 20 69 73 20 70 61 73 73 65 64 0a 20 20 69 66 20 28 20 69 20 3d 3d 3d 20 6c 65 6e 67 74 68 20 29 20 7b 0a 20 20 20 20 74 61 72 67 65 74 20 3d 20 74 68 69 73 3b 0a 20 20 20 20 69 2d 2d 3b 0a 20 20 7d 0a 0a 20 20 66 6f 72 20 28 20 3b 20 69 20 3c 20 6c 65 6e 67 74 68 3b 20 69 2b 2b 20 29 20 7b 0a 0a 20 20 20 20 2f 2f 20 4f 6e 6c 79 20 64 65 61 6c 20 77 69 74 68 20 6e 6f 6e 2d 6e 75 6c 6c 2f 75 6e 64 65 66 69 6e 65 64 20 76 61 6c 75 65 73 0a 20 20 20 20 69 66 20 28 20 28 20 6f 70 74 69 6f 6e 73 20 3d 20 61 72 67 75 6d 65 6e 74 73 5b 20 69 20 5d 20 29 20 21 3d 20 6e 75 6c 6c 20 29 20 7b 0a 0a 20 20 20
                                                                                                                                                                                                                                                                                      Data Ascii: }; } // Extend jQuery itself if only one argument is passed if ( i === length ) { target = this; i--; } for ( ; i < length; i++ ) { // Only deal with non-null/undefined values if ( ( options = arguments[ i ] ) != null ) {
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC13INData Raw: 0a 7d 29 28 6a 51 75 65 72 79 29 3b 0a
                                                                                                                                                                                                                                                                                      Data Ascii: })(jQuery);


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      27192.168.2.849779104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC629OUTGET /sites/all/libraries/superfish/jquery.hoverIntent.minified.js?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC702INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:17 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 1464
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:45:50 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:42 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183135
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=alTr1ZYCG8mNRfQ2svOftqgO0Z4U0Pp%2BibnvxK5EvwiEV524oXN7VJFWODDGfxnif0xb3WV0wVcRpqfY1agP2S1omrjsM9J5K6w7QYLTVUpRAHPskwgu0ohzHPF7zs%2FcEIL0cW4Af0WWyLVbhg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165d3d87a4262-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC667INData Raw: 2f 2a 2a 0a 2a 20 68 6f 76 65 72 49 6e 74 65 6e 74 20 72 36 20 2f 2f 20 32 30 31 31 2e 30 32 2e 32 36 20 2f 2f 20 6a 51 75 65 72 79 20 31 2e 35 2e 31 2b 0a 2a 20 3c 68 74 74 70 3a 2f 2f 63 68 65 72 6e 65 2e 6e 65 74 2f 62 72 69 61 6e 2f 72 65 73 6f 75 72 63 65 73 2f 6a 71 75 65 72 79 2e 68 6f 76 65 72 49 6e 74 65 6e 74 2e 68 74 6d 6c 3e 0a 2a 20 0a 2a 20 40 70 61 72 61 6d 20 20 66 20 20 6f 6e 4d 6f 75 73 65 4f 76 65 72 20 66 75 6e 63 74 69 6f 6e 20 7c 7c 20 41 6e 20 6f 62 6a 65 63 74 20 77 69 74 68 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 73 0a 2a 20 40 70 61 72 61 6d 20 20 67 20 20 6f 6e 4d 6f 75 73 65 4f 75 74 20 66 75 6e 63 74 69 6f 6e 20 20 7c 7c 20 4e 6f 74 68 69 6e 67 20 28 75 73 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20
                                                                                                                                                                                                                                                                                      Data Ascii: /*** hoverIntent r6 // 2011.02.26 // jQuery 1.5.1+* <http://cherne.net/brian/resources/jquery.hoverIntent.html>* * @param f onMouseOver function || An object with configuration options* @param g onMouseOut function || Nothing (use configuration
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC797INData Raw: 76 65 22 2c 74 72 61 63 6b 29 3b 6f 62 2e 68 6f 76 65 72 49 6e 74 65 6e 74 5f 73 3d 31 3b 72 65 74 75 72 6e 20 63 66 67 2e 6f 76 65 72 2e 61 70 70 6c 79 28 6f 62 2c 5b 65 76 5d 29 7d 65 6c 73 65 7b 70 58 3d 63 58 3b 70 59 3d 63 59 3b 6f 62 2e 68 6f 76 65 72 49 6e 74 65 6e 74 5f 74 3d 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 63 6f 6d 70 61 72 65 28 65 76 2c 6f 62 29 7d 2c 63 66 67 2e 69 6e 74 65 72 76 61 6c 29 7d 7d 3b 76 61 72 20 64 65 6c 61 79 3d 66 75 6e 63 74 69 6f 6e 28 65 76 2c 6f 62 29 7b 6f 62 2e 68 6f 76 65 72 49 6e 74 65 6e 74 5f 74 3d 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 6f 62 2e 68 6f 76 65 72 49 6e 74 65 6e 74 5f 74 29 3b 6f 62 2e 68 6f 76 65 72 49 6e 74 65 6e 74 5f 73 3d 30 3b 72 65 74 75 72 6e 20 63 66 67 2e 6f 75
                                                                                                                                                                                                                                                                                      Data Ascii: ve",track);ob.hoverIntent_s=1;return cfg.over.apply(ob,[ev])}else{pX=cX;pY=cY;ob.hoverIntent_t=setTimeout(function(){compare(ev,ob)},cfg.interval)}};var delay=function(ev,ob){ob.hoverIntent_t=clearTimeout(ob.hoverIntent_t);ob.hoverIntent_s=0;return cfg.ou


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      28192.168.2.849780104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC611OUTGET /sites/all/libraries/superfish/superfish.js?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC706INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:17 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 3945
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Thu, 05 Nov 2015 08:44:31 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 20 Oct 2024 08:46:47 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 1518870
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8enRx8r8N%2BizWnxlWC4q55MZL%2FPqheyyDoVNN%2Ft2hUEa203FQCmz%2BPxUGBcmlkkaTrJwWxefDi2GoaRZ54LMLZbAkZysTwU7CYRzxnKh6iGRtb9jlHKUtNqViX5KoYmwpt1G9uK9iI2pKA23CA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165d41dfb5e7d-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC663INData Raw: 2f 2a 0a 20 2a 20 53 75 70 65 72 66 69 73 68 20 76 31 2e 34 2e 38 20 2d 20 6a 51 75 65 72 79 20 6d 65 6e 75 20 77 69 64 67 65 74 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 30 38 20 4a 6f 65 6c 20 42 69 72 63 68 0a 20 2a 0a 20 2a 20 44 75 61 6c 20 6c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 61 6e 64 20 47 50 4c 20 6c 69 63 65 6e 73 65 73 3a 0a 20 2a 20 20 20 68 74 74 70 3a 2f 2f 77 77 77 2e 6f 70 65 6e 73 6f 75 72 63 65 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 6d 69 74 2d 6c 69 63 65 6e 73 65 2e 70 68 70 0a 20 2a 20 20 20 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6e 75 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 67 70 6c 2e 68 74 6d 6c 0a 20 2a 0a 20 2a 20 43 48 41 4e 47 45 4c 4f 47 3a 20 68 74 74 70 3a 2f 2f 75 73 65 72
                                                                                                                                                                                                                                                                                      Data Ascii: /* * Superfish v1.4.8 - jQuery menu widget * Copyright (c) 2008 Joel Birch * * Dual licensed under the MIT and GPL licenses: * http://www.opensource.org/licenses/mit-license.php * http://www.gnu.org/licenses/gpl.html * * CHANGELOG: http://user
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 20 6f 75 74 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 24 24 20 3d 20 24 28 74 68 69 73 29 2c 20 6d 65 6e 75 20 3d 20 67 65 74 4d 65 6e 75 28 24 24 29 2c 20 6f 20 3d 20 73 66 2e 6f 70 3b 0a 20 20 20 20 20 20 20 20 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 6d 65 6e 75 2e 73 66 54 69 6d 65 72 29 3b 0a 20 20 20 20 20 20 20 20 6d 65 6e 75 2e 73 66 54 69 6d 65 72 3d 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 20 20 20 20 20 20 6f 2e 72 65 74 61 69 6e 50 61 74 68 3d 28 24 2e 69 6e 41 72 72 61 79 28 24 24 5b 30 5d 2c 6f 2e 24 70 61 74 68 29 3e 2d 31 29 3b 0a 20 20 20 20 20 20 20 20 20 20 24 24 2e 68 69 64 65 53 75 70 65 72 66 69 73 68 55 6c 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 69 66 20
                                                                                                                                                                                                                                                                                      Data Ascii: out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; clearTimeout(menu.sfTimer); menu.sfTimer=setTimeout(function(){ o.retainPath=($.inArray($$[0],o.$path)>-1); $$.hideSuperfishUl(); if
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 76 65 72 2e 63 61 6c 6c 28 24 6c 69 29 3b 7d 29 2e 62 6c 75 72 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6f 75 74 2e 63 61 6c 6c 28 24 6c 69 29 3b 7d 29 3b 0a 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 20 20 6f 2e 6f 6e 49 6e 69 74 2e 63 61 6c 6c 28 74 68 69 73 29 3b 0a 0a 20 20 20 20 7d 29 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 6d 65 6e 75 43 6c 61 73 73 65 73 20 3d 20 5b 63 2e 6d 65 6e 75 43 6c 61 73 73 5d 3b 0a 20 20 20 20 20 20 69 66 20 28 73 66 2e 6f 70 2e 64 72 6f 70 53 68 61 64 6f 77 73 20 20 26 26 20 21 28 24 2e 62 72 6f 77 73 65 72 2e 6d 73 69 65 20 26 26 20 24 2e 62 72 6f 77 73 65 72 2e 76 65 72 73 69 6f 6e 20 3c 20 37 29 29 20 6d 65 6e 75 43 6c 61 73 73 65 73 2e 70 75 73 68 28 63 2e 73 68 61 64 6f 77 43
                                                                                                                                                                                                                                                                                      Data Ascii: ver.call($li);}).blur(function(){out.call($li);}); }); o.onInit.call(this); }).each(function() { var menuClasses = [c.menuClass]; if (sf.op.dropShadows && !($.browser.msie && $.browser.version < 7)) menuClasses.push(c.shadowC
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC544INData Raw: 64 64 28 74 68 69 73 29 2e 6e 6f 74 28 6e 6f 74 29 2e 72 65 6d 6f 76 65 43 6c 61 73 73 28 6f 2e 68 6f 76 65 72 43 6c 61 73 73 29 0a 20 20 20 20 20 20 20 20 20 20 2e 66 69 6e 64 28 27 3e 75 6c 27 29 2e 68 69 64 65 28 29 2e 63 73 73 28 27 76 69 73 69 62 69 6c 69 74 79 27 2c 27 68 69 64 64 65 6e 27 29 3b 0a 20 20 20 20 20 20 6f 2e 6f 6e 48 69 64 65 2e 63 61 6c 6c 28 24 75 6c 29 3b 0a 20 20 20 20 20 20 72 65 74 75 72 6e 20 74 68 69 73 3b 0a 20 20 20 20 7d 2c 0a 20 20 20 20 73 68 6f 77 53 75 70 65 72 66 69 73 68 55 6c 20 3a 20 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 20 20 76 61 72 20 6f 20 3d 20 73 66 2e 6f 70 2c 0a 20 20 20 20 20 20 20 20 73 68 20 3d 20 73 66 2e 63 2e 73 68 61 64 6f 77 43 6c 61 73 73 2b 27 2d 6f 66 66 27 2c 0a 20 20 20 20 20 20 20 20
                                                                                                                                                                                                                                                                                      Data Ascii: dd(this).not(not).removeClass(o.hoverClass) .find('>ul').hide().css('visibility','hidden'); o.onHide.call($ul); return this; }, showSuperfishUl : function(){ var o = sf.op, sh = sf.c.shadowClass+'-off',


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      29192.168.2.849783104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC611OUTGET /sites/all/libraries/superfish/supersubs.js?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC701INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:17 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 3778
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:46:22 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:41:50 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338367
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oopB93wbiLEaEZe6VGqYU8dtzPMDaMds2ej%2BtqcIg55QgAC5pamrKvL13ByZQJbNtcHhIklZbuMxaoU2eMqePZTZgrL8qQkIgsipENtI5eGCV%2Bd5VKpBIs1XFAWmTbUP53BLX3Q7XEpHcKcXEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165d40d4841d9-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC668INData Raw: 2f 2a 0a 20 2a 20 53 75 70 65 72 73 75 62 73 20 76 30 2e 32 62 20 2d 20 6a 51 75 65 72 79 20 70 6c 75 67 69 6e 20 2d 20 4c 41 53 54 20 55 50 44 41 54 45 3a 20 4d 41 52 43 48 20 32 33 72 64 2c 20 32 30 31 31 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 30 38 20 4a 6f 65 6c 20 42 69 72 63 68 0a 20 2a 0a 20 2a 20 4a 61 6e 20 31 36 74 68 2c 20 32 30 31 31 20 2d 20 4d 6f 64 69 66 69 65 64 20 61 20 6c 69 74 74 6c 65 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 77 6f 72 6b 20 77 69 74 68 20 4e 61 76 42 61 72 20 6d 65 6e 75 73 20 61 73 20 77 65 6c 6c 2e 0a 20 2a 0a 20 2a 20 44 75 61 6c 20 6c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 61 6e 64 20 47 50 4c 20 6c 69 63 65 6e 73 65 73 3a 0a 20 2a 20 20 20 68 74 74 70 3a 2f 2f 77 77 77
                                                                                                                                                                                                                                                                                      Data Ascii: /* * Supersubs v0.2b - jQuery plugin - LAST UPDATE: MARCH 23rd, 2011 * Copyright (c) 2008 Joel Birch * * Jan 16th, 2011 - Modified a little in order to work with NavBar menus as well. * * Dual licensed under the MIT and GPL licenses: * http://www
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 2e 66 6e 2e 73 75 70 65 72 73 75 62 73 20 3d 20 66 75 6e 63 74 69 6f 6e 28 6f 70 74 69 6f 6e 73 29 7b 0a 20 20 20 20 76 61 72 20 6f 70 74 73 20 3d 20 24 2e 65 78 74 65 6e 64 28 7b 7d 2c 20 24 2e 66 6e 2e 73 75 70 65 72 73 75 62 73 2e 64 65 66 61 75 6c 74 73 2c 20 6f 70 74 69 6f 6e 73 29 3b 0a 09 2f 2f 20 72 65 74 75 72 6e 20 6f 72 69 67 69 6e 61 6c 20 6f 62 6a 65 63 74 20 74 6f 20 73 75 70 70 6f 72 74 20 63 68 61 69 6e 69 6e 67 0a 20 20 20 20 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 2f 2f 20 63 61 63 68 65 20 73 65 6c 65 63 74 69 6f 6e 73 0a 20 20 20 20 20 20 76 61 72 20 24 24 20 3d 20 24 28 74 68 69 73 29 3b 0a 20 20 20 20 20 20 2f 2f 20 73 75 70 70 6f 72 74 20 6d 65 74 61 64 61 74 61 0a
                                                                                                                                                                                                                                                                                      Data Ascii: .fn.supersubs = function(options){ var opts = $.extend({}, $.fn.supersubs.defaults, options);// return original object to support chaining return this.each(function() { // cache selections var $$ = $(this); // support metadata
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 28 27 66 6c 6f 61 74 27 29 3b 0a 20 20 20 20 20 20 20 20 2f 2f 20 72 65 6d 6f 76 65 20 77 69 64 74 68 20 72 65 73 74 72 69 63 74 69 6f 6e 73 20 61 6e 64 20 66 6c 6f 61 74 73 20 73 6f 20 65 6c 65 6d 65 6e 74 73 20 72 65 6d 61 69 6e 20 76 65 72 74 69 63 61 6c 6c 79 20 73 74 61 63 6b 65 64 0a 20 20 20 20 20 20 20 20 76 61 72 20 65 6d 57 69 64 74 68 20 3d 20 24 75 6c 2e 61 64 64 28 24 4c 49 73 29 2e 61 64 64 28 24 41 73 29 2e 63 73 73 28 7b 0a 20 20 20 20 20 20 20 20 20 20 27 66 6c 6f 61 74 27 20 3a 20 27 6e 6f 6e 65 27 2c 0a 20 20 20 20 20 20 20 20 20 20 27 77 69 64 74 68 27 20 20 3a 20 27 61 75 74 6f 27 0a 20 20 20 20 20 20 20 20 7d 29 0a 20 20 20 20 20 20 20 20 2f 2f 20 74 68 69 73 20 75 6c 20 77 69 6c 6c 20 6e 6f 77 20 62 65 20 73 68 72 69 6e 6b 2d 77 72
                                                                                                                                                                                                                                                                                      Data Ascii: ('float'); // remove width restrictions and floats so elements remain vertically stacked var emWidth = $ul.add($LIs).add($As).css({ 'float' : 'none', 'width' : 'auto' }) // this ul will now be shrink-wr
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC372INData Raw: 6c 2e 63 73 73 28 6f 66 66 73 65 74 44 69 72 65 63 74 69 6f 6e 2c 65 6d 57 69 64 74 68 29 3b 0a 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 20 20 7d 29 3b 0a 0a 20 20 20 20 7d 29 3b 0a 20 20 7d 3b 0a 20 20 2f 2f 20 65 78 70 6f 73 65 20 64 65 66 61 75 6c 74 73 0a 20 20 24 2e 66 6e 2e 73 75 70 65 72 73 75 62 73 2e 64 65 66 61 75 6c 74 73 20 3d 20 7b 0a 20 20 20 20 6d 69 6e 57 69 64 74 68 3a 20 39 2c 20 2f 2f 20 72 65 71 75 69 72 65 73 20 65 6d 20 75 6e 69 74 2e 0a 20 20 20 20 6d 61 78 57 69 64 74 68 3a 20 32 35 2c 20 2f 2f 20 72 65 71 75 69 72 65 73 20 65 6d 20 75 6e 69 74 2e 0a 20 20 20 20 65 78 74 72 61 57 69 64 74 68 3a 20 30 20 2f 2f 20 65 78 74 72 61 20 77 69 64 74 68 20 63 61 6e 20 65 6e 73 75 72 65 20 6c 69 6e 65 73 20 64 6f 6e 27 74 20 73 6f 6d
                                                                                                                                                                                                                                                                                      Data Ascii: l.css(offsetDirection,emWidth); }); }); }); }; // expose defaults $.fn.supersubs.defaults = { minWidth: 9, // requires em unit. maxWidth: 25, // requires em unit. extraWidth: 0 // extra width can ensure lines don't som


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      30192.168.2.849778104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC402OUTGET /misc/jquery-html-prefilter-3.5.0-backport.js?v=1.4.4 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC701INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:17 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 12629
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:42 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183135
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vM75iQdjehfUSUnu1g0tFL6s1Gfvjchqq32Tu3khFcaNTMxchyS00Cjd1hWQ1gTZjBl4Q1Slo2gFnLRUmTXkI4foycoy5MYGmITq3YXmfLStkWtUUYgcwj2NCP%2BAg3igWjLEEuSeUUF3R5InRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165d41ee28cd4-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC668INData Raw: 2f 2a 2a 0a 20 2a 20 46 6f 72 20 6a 51 75 65 72 79 20 76 65 72 73 69 6f 6e 73 20 6c 65 73 73 20 74 68 61 6e 20 33 2e 35 2e 30 2c 20 74 68 69 73 20 72 65 70 6c 61 63 65 73 20 74 68 65 20 6a 51 75 65 72 79 2e 68 74 6d 6c 50 72 65 66 69 6c 74 65 72 28 29 0a 20 2a 20 66 75 6e 63 74 69 6f 6e 20 77 69 74 68 20 6f 6e 65 20 74 68 61 74 20 66 69 78 65 73 20 74 68 65 73 65 20 73 65 63 75 72 69 74 79 20 76 75 6c 6e 65 72 61 62 69 6c 69 74 69 65 73 20 77 68 69 6c 65 20 61 6c 73 6f 0a 20 2a 20 72 65 74 61 69 6e 69 6e 67 20 74 68 65 20 70 72 65 2d 33 2e 35 2e 30 20 62 65 68 61 76 69 6f 72 20 77 68 65 72 65 20 69 74 27 73 20 73 61 66 65 20 74 6f 20 64 6f 20 73 6f 2e 0a 20 2a 20 2d 20 68 74 74 70 73 3a 2f 2f 63 76 65 2e 6d 69 74 72 65 2e 6f 72 67 2f 63 67 69 2d 62 69 6e
                                                                                                                                                                                                                                                                                      Data Ascii: /** * For jQuery versions less than 3.5.0, this replaces the jQuery.htmlPrefilter() * function with one that fixes these security vulnerabilities while also * retaining the pre-3.5.0 behavior where it's safe to do so. * - https://cve.mitre.org/cgi-bin
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 68 69 73 20 63 6f 76 65 72 73 20 61 6c 6c 20 76 65 72 73 69 6f 6e 73 20 62 65 74 77 65 65 6e 20 31 2e 34 2e 34 20 61 6e 64 20 33 2e 34 2e 31 2e 0a 20 2a 20 54 68 65 20 47 69 74 48 75 62 20 6c 69 6e 6b 73 20 69 6e 20 74 68 65 20 63 6f 64 65 20 63 6f 6d 6d 65 6e 74 73 20 62 65 6c 6f 77 20 6c 69 6e 6b 20 74 6f 20 6a 51 75 65 72 79 20 31 2e 35 20 63 6f 64 65 2c 20 62 65 63 61 75 73 65 0a 20 2a 20 31 2e 34 2e 34 20 69 73 6e 27 74 20 6f 6e 20 47 69 74 48 75 62 2c 20 62 75 74 20 74 68 65 20 72 65 66 65 72 65 6e 63 65 64 20 63 6f 64 65 20 64 69 64 6e 27 74 20 63 68 61 6e 67 65 20 66 72 6f 6d 20 31 2e 34 2e 34 20 74 6f 0a 20 2a 20 31 2e 35 2e 0a 20 2a 2f 0a 0a 28 66 75 6e 63 74 69 6f 6e 20 28 6a 51 75 65 72 79 29 20 7b 0a 0a 20 20 2f 2f 20 50 61 72 74 73 20 6f 66
                                                                                                                                                                                                                                                                                      Data Ascii: his covers all versions between 1.4.4 and 3.4.1. * The GitHub links in the code comments below link to jQuery 1.5 code, because * 1.4.4 isn't on GitHub, but the referenced code didn't change from 1.4.4 to * 1.5. */(function (jQuery) { // Parts of
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 62 2f 32 2e 30 2e 31 31 2f 64 69 73 74 2f 70 75 72 69 66 79 2e 6a 73 23 4c 31 32 38 0a 20 20 2f 2f 20 2d 20 41 20 6e 6f 72 6d 61 6c 20 65 6c 65 6d 65 6e 74 20 28 6e 6f 74 20 61 20 76 6f 69 64 2c 20 74 65 6d 70 6c 61 74 65 2c 20 74 65 78 74 2c 20 6f 72 20 66 6f 72 65 69 67 6e 20 65 6c 65 6d 65 6e 74 29 2e 0a 20 20 2f 2f 20 20 20 40 73 65 65 20 68 74 74 70 73 3a 2f 2f 68 74 6d 6c 2e 73 70 65 63 2e 77 68 61 74 77 67 2e 6f 72 67 2f 6d 75 6c 74 69 70 61 67 65 2f 73 79 6e 74 61 78 2e 68 74 6d 6c 23 65 6c 65 6d 65 6e 74 73 2d 32 0a 20 20 2f 2f 20 2d 20 41 6e 20 65 6c 65 6d 65 6e 74 20 74 68 61 74 20 69 73 20 73 74 69 6c 6c 20 64 65 66 69 6e 65 64 20 62 79 20 74 68 65 20 63 75 72 72 65 6e 74 20 48 54 4d 4c 20 73 70 65 63 69 66 69 63 61 74 69 6f 6e 0a 20 20 2f 2f
                                                                                                                                                                                                                                                                                      Data Ascii: b/2.0.11/dist/purify.js#L128 // - A normal element (not a void, template, text, or foreign element). // @see https://html.spec.whatwg.org/multipage/syntax.html#elements-2 // - An element that is still defined by the current HTML specification //
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 74 27 2c 20 27 73 6d 61 6c 6c 27 2c 20 27 73 6f 75 72 63 65 27 2c 20 27 73 70 61 6e 27 2c 0a 20 20 20 20 27 73 74 72 6f 6e 67 27 2c 20 27 73 75 62 27 2c 20 27 73 75 6d 6d 61 72 79 27 2c 20 27 73 75 70 27 2c 20 27 74 61 62 6c 65 27 2c 20 27 74 62 6f 64 79 27 2c 20 27 74 64 27 2c 20 27 74 66 6f 6f 74 27 2c 20 27 74 68 27 2c 0a 20 20 20 20 27 74 68 65 61 64 27 2c 20 27 74 69 6d 65 27 2c 20 27 74 72 27 2c 20 27 75 27 2c 20 27 75 6c 27 2c 20 27 76 61 72 27 2c 20 27 76 69 64 65 6f 27 0a 20 20 5d 3b 0a 0a 20 20 2f 2f 20 44 65 66 69 6e 65 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 73 20 66 6f 72 20 3c 54 41 47 2f 3e 20 61 6e 64 20 3c 54 41 47 20 41 54 54 52 49 42 55 54 45 53 2f 3e 2e 20 44 6f 69 6e 67 20 74 68 69 73 20 61 73 0a 20 20 2f 2f 20 74 77
                                                                                                                                                                                                                                                                                      Data Ascii: t', 'small', 'source', 'span', 'strong', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'time', 'tr', 'u', 'ul', 'var', 'video' ]; // Define regular expressions for <TAG/> and <TAG ATTRIBUTES/>. Doing this as // tw
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 20 69 66 20 28 6d 61 6a 6f 72 56 65 72 73 69 6f 6e 20 3c 20 33 29 20 7b 0a 20 20 20 20 72 74 61 67 4e 61 6d 65 20 3d 20 2f 3c 28 5b 5c 77 3a 5d 2b 29 2f 3b 0a 20 20 7d 0a 20 20 65 6c 73 65 20 69 66 20 28 6d 69 6e 6f 72 56 65 72 73 69 6f 6e 20 3c 20 34 29 20 7b 0a 20 20 20 20 72 74 61 67 4e 61 6d 65 20 3d 20 2f 3c 28 5b 61 2d 7a 5d 5b 5e 5c 2f 5c 30 3e 5c 78 32 30 5c 74 5c 72 5c 6e 5c 66 5d 2b 29 2f 69 3b 0a 20 20 7d 0a 20 20 65 6c 73 65 20 7b 0a 20 20 20 20 72 74 61 67 4e 61 6d 65 20 3d 20 2f 3c 28 5b 61 2d 7a 5d 5b 5e 5c 2f 5c 30 3e 5c 78 32 30 5c 74 5c 72 5c 6e 5c 66 5d 2a 29 2f 69 3b 0a 20 20 7d 0a 0a 20 20 2f 2f 20 54 68 65 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 20 74 68 61 74 20 6a 51 75 65 72 79 20 75 73 65 73 20 74 6f 20 64 65 74
                                                                                                                                                                                                                                                                                      Data Ascii: if (majorVersion < 3) { rtagName = /<([\w:]+)/; } else if (minorVersion < 4) { rtagName = /<([a-z][^\/\0>\x20\t\r\n\f]+)/i; } else { rtagName = /<([a-z][^\/\0>\x20\t\r\n\f]*)/i; } // The regular expression that jQuery uses to det
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 20 68 74 74 70 73 3a 2f 2f 63 76 65 2e 6d 69 74 72 65 2e 6f 72 67 2f 63 67 69 2d 62 69 6e 2f 63 76 65 6e 61 6d 65 2e 63 67 69 3f 6e 61 6d 65 3d 43 56 45 2d 32 30 32 30 2d 31 31 30 32 33 0a 20 20 20 20 20 20 69 66 20 28 28 74 61 67 20 3d 3d 3d 20 27 6f 70 74 69 6f 6e 27 20 7c 7c 20 74 61 67 20 3d 3d 3d 20 27 6f 70 74 67 72 6f 75 70 27 29 20 26 26 20 68 74 6d 6c 2e 6d 61 74 63 68 28 2f 3c 5c 2f 3f 73 65 6c 65 63 74 2f 69 29 29 20 7b 0a 20 20 20 20 20 20 20 20 68 74 6d 6c 20 3d 20 27 27 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 2f 2f 20 52 65 74 61 69 6e 20 6a 51 75 65 72 79 27 73 20 70 72 69 6f 72 20 74 6f 20 33 2e 35 20 63 6f 6e 76 65 72 73 69 6f 6e 20 6f 66 20 70 73 65 75 64 6f 2d 58 48 54 4d 4c 2c 20 62 75 74 20 66 6f 72 20 6f 6e 6c 79 0a 20 20
                                                                                                                                                                                                                                                                                      Data Ascii: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023 if ((tag === 'option' || tag === 'optgroup') && html.match(/<\/?select/i)) { html = ''; } // Retain jQuery's prior to 3.5 conversion of pseudo-XHTML, but for only
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 73 6b 79 20 61 6e 64 20 68 74 6d 6c 20 61 72 65 20 64 69 66 66 65 72 65 6e 74 20 73 74 72 69 6e 67 73 2c 20 74 68 65 79 20 6d 69 67 68 74 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 72 65 70 72 65 73 65 6e 74 20 74 68 65 20 73 61 6d 65 20 48 54 4d 4c 20 73 74 72 75 63 74 75 72 65 20 6f 6e 63 65 20 70 61 72 73 65 64 2c 20 69 6e 20 77 68 69 63 68 20 63 61 73 65 2c 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 68 74 6d 6c 52 69 73 6b 79 20 69 73 20 61 63 74 75 61 6c 6c 79 20 73 61 66 65 2e 20 57 65 20 63 61 6e 20 61 73 6b 20 74 68 65 20 62 72 6f 77 73 65 72 20 74 6f 20 70 61 72 73 65 20 62 6f 74 68 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 74 6f 20 66 69 6e 64 20 6f 75 74 2c 20 62 75 74 20 74 68 65 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 70 61 72 73 65 20 74
                                                                                                                                                                                                                                                                                      Data Ascii: sky and html are different strings, they might // represent the same HTML structure once parsed, in which case, // htmlRisky is actually safe. We can ask the browser to parse both // to find out, but the browser can't parse t
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 20 20 20 20 2f 2f 20 46 75 6e 63 74 69 6f 6e 20 74 6f 20 72 65 74 75 72 6e 20 63 61 6e 6f 6e 69 63 61 6c 20 48 54 4d 4c 20 61 66 74 65 72 20 70 61 72 73 69 6e 67 20 69 74 2e 20 54 68 69 73 20 70 61 72 73 65 73 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 6f 6e 6c 79 3b 20 69 74 20 64 6f 65 73 6e 27 74 20 65 78 65 63 75 74 65 20 73 63 72 69 70 74 73 2e 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 40 73 65 65 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6a 71 75 65 72 79 2f 6a 71 75 65 72 79 2d 6d 69 67 72 61 74 65 2f 62 6c 6f 62 2f 33 2e 33 2e 30 2f 73 72 63 2f 6a 71 75 65 72 79 2f 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 2e 6a 73 23 4c 35 0a 20 20 20 20 20 20 20 20 20 20 76 61 72 20 67 65 74 50 61 72 73 65 64 48 74 6d 6c 20 3d 20 66 75 6e 63 74 69 6f
                                                                                                                                                                                                                                                                                      Data Ascii: // Function to return canonical HTML after parsing it. This parses // only; it doesn't execute scripts. // @see https://github.com/jquery/jquery-migrate/blob/3.3.0/src/jquery/manipulation.js#L5 var getParsedHtml = functio
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 6c 6f 62 2f 31 2e 35 2f 6a 71 75 65 72 79 2e 6a 73 23 4c 35 31 34 37 0a 20 20 20 20 20 20 68 74 6d 6c 3a 20 66 75 6e 63 74 69 6f 6e 20 28 76 61 6c 75 65 29 20 7b 0a 20 20 20 20 20 20 20 20 69 66 20 28 74 79 70 65 6f 66 20 76 61 6c 75 65 20 3d 3d 3d 20 22 73 74 72 69 6e 67 22 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 76 61 6c 75 65 20 3d 20 6a 51 75 65 72 79 2e 68 74 6d 6c 50 72 65 66 69 6c 74 65 72 28 76 61 6c 75 65 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2f 2f 20 2e 68 74 6d 6c 28 29 20 63 61 6e 20 62 65 20 63 61 6c 6c 65 64 20 61 73 20 61 20 73 65 74 74 65 72 20 28 77 69 74 68 20 61 6e 20 61 72 67 75 6d 65 6e 74 29 20 6f 72 20 61 73 20 61 20 67 65 74 74 65 72 0a 20 20 20 20 20 20 20 20 2f 2f 20 28 77 69 74 68 6f 75 74 20 61 6e 20
                                                                                                                                                                                                                                                                                      Data Ascii: lob/1.5/jquery.js#L5147 html: function (value) { if (typeof value === "string") { value = jQuery.htmlPrefilter(value); } // .html() can be called as a setter (with an argument) or as a getter // (without an
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1009INData Raw: 72 20 28 20 76 61 72 20 69 20 3d 20 30 2c 20 65 6c 65 6d 3b 20 28 65 6c 65 6d 20 3d 20 65 6c 65 6d 73 5b 69 5d 29 20 21 3d 20 6e 75 6c 6c 3b 20 69 2b 2b 20 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 20 74 79 70 65 6f 66 20 65 6c 65 6d 20 3d 3d 3d 20 22 73 74 72 69 6e 67 22 20 26 26 20 72 68 74 6d 6c 2e 74 65 73 74 28 20 65 6c 65 6d 20 29 20 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 65 6c 65 6d 73 5b 69 5d 20 3d 20 65 6c 65 6d 20 3d 20 6a 51 75 65 72 79 2e 68 74 6d 6c 50 72 65 66 69 6c 74 65 72 28 65 6c 65 6d 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 6f 72 69 67 69 6e 61 6c 43 6c 65 61 6e 2e 63 61 6c 6c 28 74 68 69 73 2c 20 65 6c 65
                                                                                                                                                                                                                                                                                      Data Ascii: r ( var i = 0, elem; (elem = elems[i]) != null; i++ ) { if ( typeof elem === "string" && rhtml.test( elem ) ) { elems[i] = elem = jQuery.htmlPrefilter(elem); } } return originalClean.call(this, ele


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      31192.168.2.849781104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC375OUTGET /misc/jquery.once.js?v=1.2 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC716INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:17 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 2974
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:42 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183135
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BHh5SDVJSaYfg%2Bku91GzuH14ZaHe2B%2FeJWkG3ZadvEjIH3vuhGXOrrq5vaXw5W2gjTFZ%2FvJ%2FzsT%2F2CQGOwRjl8BiuHAPVjdXkZLB%2FyUeDmSTwuwcT7SmQ6TQXRICGzCM%2B%2FAYDsAEyzWtr4%2BWGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165d40fb25e6a-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC653INData Raw: 0a 2f 2a 2a 0a 20 2a 20 6a 51 75 65 72 79 20 4f 6e 63 65 20 50 6c 75 67 69 6e 20 76 31 2e 32 0a 20 2a 20 68 74 74 70 3a 2f 2f 70 6c 75 67 69 6e 73 2e 6a 71 75 65 72 79 2e 63 6f 6d 2f 70 72 6f 6a 65 63 74 2f 6f 6e 63 65 0a 20 2a 0a 20 2a 20 44 75 61 6c 20 6c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 61 6e 64 20 47 50 4c 20 6c 69 63 65 6e 73 65 73 3a 0a 20 2a 20 20 20 68 74 74 70 3a 2f 2f 77 77 77 2e 6f 70 65 6e 73 6f 75 72 63 65 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 6d 69 74 2d 6c 69 63 65 6e 73 65 2e 70 68 70 0a 20 2a 20 20 20 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6e 75 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 67 70 6c 2e 68 74 6d 6c 0a 20 2a 2f 0a 0a 28 66 75 6e 63 74 69 6f 6e 20 28 24 29 20 7b 0a 20 20 76 61 72 20 63 61 63 68
                                                                                                                                                                                                                                                                                      Data Ascii: /** * jQuery Once Plugin v1.2 * http://plugins.jquery.com/project/once * * Dual licensed under the MIT and GPL licenses: * http://www.opensource.org/licenses/mit-license.php * http://www.gnu.org/licenses/gpl.html */(function ($) { var cach
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 61 20 66 75 6e 63 74 69 6f 6e 2c 20 69 74 20 77 69 6c 6c 20 62 65 20 70 61 73 73 65 64 20 6f 66 66 20 74 6f 20 74 68 65 20 66 6e 0a 20 20 20 2a 20 20 20 70 61 72 61 6d 65 74 65 72 20 61 6e 64 20 74 68 65 20 69 64 20 77 69 6c 6c 20 62 65 63 6f 6d 65 20 61 20 75 6e 69 71 75 65 20 69 64 65 6e 74 69 66 69 65 72 2c 20 72 65 70 72 65 73 65 6e 74 65 64 20 61 73 20 61 0a 20 20 20 2a 20 20 20 6e 75 6d 62 65 72 2e 0a 20 20 20 2a 0a 20 20 20 2a 20 20 20 57 68 65 6e 20 74 68 65 20 69 64 20 69 73 20 6e 65 69 74 68 65 72 20 61 20 73 74 72 69 6e 67 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 2c 20 69 74 20 62 65 63 6f 6d 65 73 20 61 20 75 6e 69 71 75 65 0a 20 20 20 2a 20 20 20 69 64 65 6e 74 69 66 69 65 72 2c 20 64 65 70 69 63 74 65 64 20 61 73 20 61 20 6e 75 6d 62 65 72
                                                                                                                                                                                                                                                                                      Data Ascii: a function, it will be passed off to the fn * parameter and the id will become a unique identifier, represented as a * number. * * When the id is neither a string or a function, it becomes a unique * identifier, depicted as a number
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC952INData Raw: 65 6e 74 73 3b 0a 20 20 7d 3b 0a 0a 20 20 2f 2a 2a 0a 20 20 20 2a 20 46 69 6c 74 65 72 73 20 65 6c 65 6d 65 6e 74 73 20 74 68 61 74 20 68 61 76 65 20 62 65 65 6e 20 70 72 6f 63 65 73 73 65 64 20 6f 6e 63 65 20 61 6c 72 65 61 64 79 2e 0a 20 20 20 2a 0a 20 20 20 2a 20 40 70 61 72 61 6d 20 69 64 0a 20 20 20 2a 20 20 20 41 20 72 65 71 75 69 72 65 64 20 73 74 72 69 6e 67 20 72 65 70 72 65 73 65 6e 74 69 6e 67 20 74 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 63 6c 61 73 73 20 77 68 69 63 68 20 73 68 6f 75 6c 64 20 62 65 20 75 73 65 64 0a 20 20 20 2a 20 20 20 77 68 65 6e 20 66 69 6c 74 65 72 69 6e 67 20 74 68 65 20 65 6c 65 6d 65 6e 74 73 2e 20 54 68 69 73 20 6f 6e 6c 79 20 66 69 6c 74 65 72 73 20 65 6c 65 6d 65 6e 74 73 20 74 68 61 74 20 68 61 76 65 20 61 6c
                                                                                                                                                                                                                                                                                      Data Ascii: ents; }; /** * Filters elements that have been processed once already. * * @param id * A required string representing the name of the class which should be used * when filtering the elements. This only filters elements that have al


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      32192.168.2.849782172.67.164.2234435820C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC99OUTGET /upd/imbatch/version HTTP/1.1
                                                                                                                                                                                                                                                                                      User-Agent: ImBatchUpdater
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC659INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:17 GMT
                                                                                                                                                                                                                                                                                      Content-Length: 5
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Tue, 13 Aug 2024 13:55:00 GMT
                                                                                                                                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=1209600
                                                                                                                                                                                                                                                                                      expires: Mon, 21 Oct 2024 22:41:17 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N0GVyOCa%2FCVKooe69aazVt61psfd%2BeIq%2FlGvo0pz6VF%2FzDcnIlRkkPcngx3ji6W5Ne%2BedwJczmRhFCHgpc47OYbhs9PDs9Af8KUmmoceeMpNgrJsJksmTOHzpOnKejjHWQ1irV%2BVVn6THvcAMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165d439dd42c2-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC5INData Raw: 37 2e 36 2e 32
                                                                                                                                                                                                                                                                                      Data Ascii: 7.6.2


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      33192.168.2.849784104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC609OUTGET /sites/all/modules/superfish/superfish.js?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC705INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:17 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 1445
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Mon, 08 Jul 2013 12:07:32 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:41:50 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338367
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sotn2ZqbxSy1Bt2tKFd4kKF9FlsIkBQMkveTo9b3THU9%2BUii1nEsVHB7r66NfIqH%2Bb8A0N096NxjUmOuLYtv2R7AS5LnQOAZyu3VCXgMStzar2ba3ciLvz9EnsKuqQPDWo0hE0zt63h%2Fat%2FmMw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165d659b0423d-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC664INData Raw: 2f 2a 2a 0a 20 2a 20 40 66 69 6c 65 0a 20 2a 20 54 68 65 20 53 75 70 65 72 66 69 73 68 20 44 72 75 70 61 6c 20 42 65 68 61 76 69 6f 72 20 74 6f 20 61 70 70 6c 79 20 74 68 65 20 53 75 70 65 72 66 69 73 68 20 6a 51 75 65 72 79 20 70 6c 75 67 69 6e 20 74 6f 20 6c 69 73 74 73 2e 0a 20 2a 2f 0a 0a 28 66 75 6e 63 74 69 6f 6e 20 28 24 29 20 7b 0a 20 20 44 72 75 70 61 6c 2e 62 65 68 61 76 69 6f 72 73 2e 73 75 70 65 72 66 69 73 68 20 3d 20 7b 0a 20 20 20 20 61 74 74 61 63 68 3a 20 66 75 6e 63 74 69 6f 6e 20 28 63 6f 6e 74 65 78 74 2c 20 73 65 74 74 69 6e 67 73 29 20 7b 0a 20 20 20 20 20 20 2f 2f 20 54 61 6b 65 20 61 20 6c 6f 6f 6b 20 61 74 20 65 61 63 68 20 6c 69 73 74 20 74 6f 20 61 70 70 6c 79 20 53 75 70 65 72 66 69 73 68 20 74 6f 2e 0a 20 20 20 20 20 20 24 2e
                                                                                                                                                                                                                                                                                      Data Ascii: /** * @file * The Superfish Drupal Behavior to apply the Superfish jQuery plugin to lists. */(function ($) { Drupal.behaviors.superfish = { attach: function (context, settings) { // Take a look at each list to apply Superfish to. $.
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC781INData Raw: 75 67 69 6e 73 2e 73 75 70 65 72 73 75 62 73 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 41 70 70 6c 79 20 53 75 70 65 72 66 69 73 68 20 74 6f 20 74 68 65 20 6c 69 73 74 2e 0a 20 20 20 20 20 20 20 20 20 20 6c 69 73 74 2e 73 75 70 65 72 66 69 73 68 28 6f 70 74 69 6f 6e 73 2e 73 66 29 3b 0a 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 43 68 65 63 6b 20 69 66 20 77 65 20 61 72 65 20 74 6f 20 61 70 70 6c 79 20 61 6e 79 20 6f 74 68 65 72 20 70 6c 75 67 2d 69 6e 20 74 6f 20 69 74 2e 0a 20 20 20 20 20 20 20 20 20 20 69 66 20 28 6f 70 74 69 6f 6e 73 2e 70 6c 75 67 69 6e 73 20 7c 7c 20 66 61 6c 73 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 6f 70 74 69 6f 6e 73 2e
                                                                                                                                                                                                                                                                                      Data Ascii: ugins.supersubs); } } // Apply Superfish to the list. list.superfish(options.sf); // Check if we are to apply any other plug-in to it. if (options.plugins || false) { if (options.


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      34192.168.2.849785104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC372OUTGET /misc/jquery.js?v=1.4.4 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC703INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:17 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 78601
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:41 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183136
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AiETWo3E2T43Vu2jDu16f%2BuYftcbcOqAtU4fMpLTB7luRUNe6jN7Zx058ggiH43P5VbF7ESvFsfIgC4j7KdC5mMaHHPc7TZxzgzy273nllmRyDWxMKFWtZ8%2B761TUsueo7IzAyU99GVHp7Eiqw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165d65e4f4225-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC666INData Raw: 2f 2a 21 0a 20 2a 20 6a 51 75 65 72 79 20 4a 61 76 61 53 63 72 69 70 74 20 4c 69 62 72 61 72 79 20 76 31 2e 34 2e 34 0a 20 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 2e 63 6f 6d 2f 0a 20 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 30 2c 20 4a 6f 68 6e 20 52 65 73 69 67 0a 20 2a 20 44 75 61 6c 20 6c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 6f 72 20 47 50 4c 20 56 65 72 73 69 6f 6e 20 32 20 6c 69 63 65 6e 73 65 73 2e 0a 20 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 0a 20 2a 0a 20 2a 20 49 6e 63 6c 75 64 65 73 20 53 69 7a 7a 6c 65 2e 6a 73 0a 20 2a 20 68 74 74 70 3a 2f 2f 73 69 7a 7a 6c 65 6a 73 2e 63 6f 6d 2f 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 30 2c 20 54 68 65 20 44
                                                                                                                                                                                                                                                                                      Data Ascii: /*! * jQuery JavaScript Library v1.4.4 * http://jquery.com/ * * Copyright 2010, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Sizzle.js * http://sizzlejs.com/ * Copyright 2010, The D
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 63 61 28 29 7b 72 65 74 75 72 6e 20 74 72 75 65 7d 66 75 6e 63 74 69 6f 6e 20 6c 61 28 61 2c 62 2c 64 29 7b 64 5b 30 5d 2e 74 79 70 65 3d 61 3b 72 65 74 75 72 6e 20 63 2e 65 76 65 6e 74 2e 68 61 6e 64 6c 65 2e 61 70 70 6c 79 28 62 2c 64 29 7d 66 75 6e 63 74 69 6f 6e 20 4b 61 28 61 29 7b 76 61 72 20 62 2c 64 2c 65 2c 66 2c 68 2c 6c 2c 6b 2c 6f 2c 78 2c 72 2c 41 2c 43 3d 5b 5d 3b 66 3d 5b 5d 3b 68 3d 63 2e 64 61 74 61 28 74 68 69 73 2c 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 3f 22 65 76 65 6e 74 73 22 3a 22 5f 5f 65 76 65 6e 74 73 5f 5f 22 29 3b 69 66 28 74 79 70 65 6f 66 20 68 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 68 3d 0a 68 2e 65 76 65 6e 74 73 3b 69 66 28 21 28 61 2e 6c 69 76 65 46 69 72 65 64 3d 3d 3d 74 68 69 73 7c 7c 21 68 7c 7c 21 68 2e 6c 69 76
                                                                                                                                                                                                                                                                                      Data Ascii: ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof h==="function")h=h.events;if(!(a.liveFired===this||!h||!h.liv
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 75 72 6e 20 63 2e 67 72 65 70 28 61 2c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 6e 20 66 3d 3d 3d 62 3d 3d 3d 64 7d 29 3b 65 6c 73 65 20 69 66 28 74 79 70 65 6f 66 20 62 3d 3d 3d 22 73 74 72 69 6e 67 22 29 7b 76 61 72 20 65 3d 63 2e 67 72 65 70 28 61 2c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 6e 20 66 2e 6e 6f 64 65 54 79 70 65 3d 3d 3d 31 7d 29 3b 69 66 28 4e 61 2e 74 65 73 74 28 62 29 29 72 65 74 75 72 6e 20 63 2e 66 69 6c 74 65 72 28 62 2c 65 2c 21 64 29 3b 65 6c 73 65 20 62 3d 63 2e 66 69 6c 74 65 72 28 62 2c 65 29 7d 72 65 74 75 72 6e 20 63 2e 67 72 65 70 28 61 2c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 6e 20 63 2e 69 6e 41 72 72 61 79 28 66 2c 62 29 3e 3d 30 3d 3d 3d 64 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 6e 61 28 61
                                                                                                                                                                                                                                                                                      Data Ascii: urn c.grep(a,function(f){return f===b===d});else if(typeof b==="string"){var e=c.grep(a,function(f){return f.nodeType===1});if(Na.test(b))return c.filter(b,e,!d);else b=c.filter(b,e)}return c.grep(a,function(f){return c.inArray(f,b)>=0===d})}function na(a
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 3c 22 2b 0a 61 2b 22 3e 22 29 2e 61 70 70 65 6e 64 54 6f 28 22 62 6f 64 79 22 29 2c 64 3d 62 2e 63 73 73 28 22 64 69 73 70 6c 61 79 22 29 3b 62 2e 72 65 6d 6f 76 65 28 29 3b 69 66 28 64 3d 3d 3d 22 6e 6f 6e 65 22 7c 7c 64 3d 3d 3d 22 22 29 64 3d 22 62 6c 6f 63 6b 22 3b 65 61 5b 61 5d 3d 64 7d 72 65 74 75 72 6e 20 65 61 5b 61 5d 7d 66 75 6e 63 74 69 6f 6e 20 66 61 28 61 29 7b 72 65 74 75 72 6e 20 63 2e 69 73 57 69 6e 64 6f 77 28 61 29 3f 61 3a 61 2e 6e 6f 64 65 54 79 70 65 3d 3d 3d 39 3f 61 2e 64 65 66 61 75 6c 74 56 69 65 77 7c 7c 61 2e 70 61 72 65 6e 74 57 69 6e 64 6f 77 3a 66 61 6c 73 65 7d 76 61 72 20 74 3d 45 2e 64 6f 63 75 6d 65 6e 74 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 69 66 28 21 62 2e 69 73 52 65 61 64
                                                                                                                                                                                                                                                                                      Data Ascii: <"+a+">").appendTo("body"),d=b.css("display");b.remove();if(d==="none"||d==="")d="block";ea[a]=d}return ea[a]}function fa(a){return c.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:false}var t=E.document,c=function(){function a(){if(!b.isRead
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 28 7a 5b 31 5d 29 5d 3b 62 2e 66 6e 2e 61 74 74 72 2e 63 61 6c 6c 28 6a 2c 73 2c 74 72 75 65 29 7d 65 6c 73 65 20 6a 3d 5b 48 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 7a 5b 31 5d 29 5d 3b 65 6c 73 65 7b 7a 3d 62 2e 62 75 69 6c 64 46 72 61 67 6d 65 6e 74 28 5b 76 5b 31 5d 5d 2c 5b 48 5d 29 3b 6a 3d 28 7a 2e 63 61 63 68 65 61 62 6c 65 3f 7a 2e 66 72 61 67 6d 65 6e 74 2e 63 6c 6f 6e 65 4e 6f 64 65 28 74 72 75 65 29 3a 7a 2e 66 72 61 67 6d 65 6e 74 29 2e 63 68 69 6c 64 4e 6f 64 65 73 7d 72 65 74 75 72 6e 20 62 2e 6d 65 72 67 65 28 74 68 69 73 2c 0a 6a 29 7d 65 6c 73 65 7b 69 66 28 28 7a 3d 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 76 5b 32 5d 29 29 26 26 7a 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7b 69 66 28 7a 2e 69 64 21 3d 3d 76 5b 32 5d 29 72 65
                                                                                                                                                                                                                                                                                      Data Ascii: (z[1])];b.fn.attr.call(j,s,true)}else j=[H.createElement(z[1])];else{z=b.buildFragment([v[1]],[H]);j=(z.cacheable?z.fragment.cloneNode(true):z.fragment).childNodes}return b.merge(this,j)}else{if((z=t.getElementById(v[2]))&&z.parentNode){if(z.id!==v[2])re
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 6b 28 4e 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 2c 22 73 6c 69 63 65 22 2c 4e 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 29 2e 6a 6f 69 6e 28 22 2c 22 29 29 7d 2c 6d 61 70 3a 66 75 6e 63 74 69 6f 6e 28 6a 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 62 2e 6d 61 70 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 73 2c 76 29 7b 72 65 74 75 72 6e 20 6a 2e 63 61 6c 6c 28 73 2c 76 2c 73 29 7d 29 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 62 28 6e 75 6c 6c 29 7d 2c 70 75 73 68 3a 4d 2c 73 6f 72 74 3a 5b 5d 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 5b 5d 2e 73 70 6c 69 63 65 7d 3b 62 2e 66 6e 2e 69 6e 69 74 2e 70 72 6f 74 6f 74 79
                                                                                                                                                                                                                                                                                      Data Ascii: k(N.apply(this,arguments),"slice",N.call(arguments).join(","))},map:function(j){return this.pushStack(b.map(this,function(s,v){return j.call(s,v,s)}))},end:function(){return this.prevObject||b(null)},push:M,sort:[].sort,splice:[].splice};b.fn.init.prototy
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 76 65 6e 74 28 22 6f 6e 6c 6f 61 64 22 2c 0a 62 2e 72 65 61 64 79 29 3b 76 61 72 20 6a 3d 66 61 6c 73 65 3b 74 72 79 7b 6a 3d 45 2e 66 72 61 6d 65 45 6c 65 6d 65 6e 74 3d 3d 6e 75 6c 6c 7d 63 61 74 63 68 28 73 29 7b 7d 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 64 6f 53 63 72 6f 6c 6c 26 26 6a 26 26 61 28 29 7d 7d 7d 2c 69 73 46 75 6e 63 74 69 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 6a 29 7b 72 65 74 75 72 6e 20 62 2e 74 79 70 65 28 6a 29 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 7d 2c 69 73 41 72 72 61 79 3a 41 72 72 61 79 2e 69 73 41 72 72 61 79 7c 7c 66 75 6e 63 74 69 6f 6e 28 6a 29 7b 72 65 74 75 72 6e 20 62 2e 74 79 70 65 28 6a 29 3d 3d 3d 22 61 72 72 61 79 22 7d 2c 69 73 57 69 6e 64 6f 77 3a 66 75 6e 63 74 69 6f 6e 28 6a 29 7b 72 65 74 75 72 6e
                                                                                                                                                                                                                                                                                      Data Ascii: vent("onload",b.ready);var j=false;try{j=E.frameElement==null}catch(s){}t.documentElement.doScroll&&j&&a()}}},isFunction:function(j){return b.type(j)==="function"},isArray:Array.isArray||function(j){return b.type(j)==="array"},isWindow:function(j){return
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 6a 2c 73 2c 76 29 7b 76 61 72 20 7a 2c 48 3d 30 2c 47 3d 6a 2e 6c 65 6e 67 74 68 2c 4b 3d 47 3d 3d 3d 42 7c 7c 62 2e 69 73 46 75 6e 63 74 69 6f 6e 28 6a 29 3b 69 66 28 76 29 69 66 28 4b 29 66 6f 72 28 7a 20 69 6e 20 6a 29 7b 69 66 28 73 2e 61 70 70 6c 79 28 6a 5b 7a 5d 2c 76 29 3d 3d 3d 66 61 6c 73 65 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 3b 48 3c 47 3b 29 7b 69 66 28 73 2e 61 70 70 6c 79 28 6a 5b 48 2b 2b 5d 2c 76 29 3d 3d 3d 66 61 6c 73 65 29 62 72 65 61 6b 7d 65 6c 73 65 20 69 66 28 4b 29 66 6f 72 28 7a 20 69 6e 20 6a 29 7b 69 66 28 73 2e 63 61 6c 6c 28 6a 5b 7a 5d 2c 0a 7a 2c 6a 5b 7a 5d 29 3d 3d 3d 66 61 6c 73 65 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 76 3d 6a 5b
                                                                                                                                                                                                                                                                                      Data Ascii: rCase()},each:function(j,s,v){var z,H=0,G=j.length,K=G===B||b.isFunction(j);if(v)if(K)for(z in j){if(s.apply(j[z],v)===false)break}else for(;H<G;){if(s.apply(j[H++],v)===false)break}else if(K)for(z in j){if(s.call(j[z],z,j[z])===false)break}else for(v=j[
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 75 6e 63 74 69 6f 6e 28 6a 2c 73 2c 76 2c 7a 2c 48 2c 47 29 7b 76 61 72 20 4b 3d 6a 2e 6c 65 6e 67 74 68 3b 69 66 28 74 79 70 65 6f 66 20 73 3d 3d 3d 22 6f 62 6a 65 63 74 22 29 7b 66 6f 72 28 76 61 72 20 51 20 69 6e 20 73 29 62 2e 61 63 63 65 73 73 28 6a 2c 51 2c 73 5b 51 5d 2c 7a 2c 48 2c 76 29 3b 72 65 74 75 72 6e 20 6a 7d 69 66 28 76 21 3d 3d 42 29 7b 7a 3d 21 47 26 26 7a 26 26 62 2e 69 73 46 75 6e 63 74 69 6f 6e 28 76 29 3b 66 6f 72 28 51 3d 30 3b 51 3c 4b 3b 51 2b 2b 29 48 28 6a 5b 51 5d 2c 73 2c 7a 3f 76 2e 63 61 6c 6c 28 6a 5b 51 5d 2c 51 2c 48 28 6a 5b 51 5d 2c 73 29 29 3a 76 2c 47 29 3b 72 65 74 75 72 6e 20 6a 7d 72 65 74 75 72 6e 20 4b 3f 48 28 6a 5b 30 5d 2c 73 29 3a 42 7d 2c 6e 6f 77 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 28 6e
                                                                                                                                                                                                                                                                                      Data Ascii: unction(j,s,v,z,H,G){var K=j.length;if(typeof s==="object"){for(var Q in s)b.access(j,Q,s[Q],z,H,v);return j}if(v!==B){z=!G&&z&&b.isFunction(v);for(Q=0;Q<K;Q++)H(j[Q],s,z?v.call(j[Q],Q,H(j[Q],s)):v,G);return j}return K?H(j[0],s):B},now:function(){return(n
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:17 UTC1369INData Raw: 67 4e 61 6d 65 28 22 61 22 29 5b 30 5d 2c 6c 3d 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 65 6c 65 63 74 22 29 2c 0a 6b 3d 6c 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6f 70 74 69 6f 6e 22 29 29 3b 69 66 28 21 28 21 66 7c 7c 21 66 2e 6c 65 6e 67 74 68 7c 7c 21 68 29 29 7b 63 2e 73 75 70 70 6f 72 74 3d 7b 6c 65 61 64 69 6e 67 57 68 69 74 65 73 70 61 63 65 3a 64 2e 66 69 72 73 74 43 68 69 6c 64 2e 6e 6f 64 65 54 79 70 65 3d 3d 3d 33 2c 74 62 6f 64 79 3a 21 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 74 62 6f 64 79 22 29 2e 6c 65 6e 67 74 68 2c 68 74 6d 6c 53 65 72 69 61 6c 69 7a 65 3a 21 21 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 6c 69 6e
                                                                                                                                                                                                                                                                                      Data Ascii: gName("a")[0],l=t.createElement("select"),k=l.appendChild(t.createElement("option"));if(!(!f||!f.length||!h)){c.support={leadingWhitespace:d.firstChild.nodeType===3,tbody:!d.getElementsByTagName("tbody").length,htmlSerialize:!!d.getElementsByTagName("lin


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      35192.168.2.849786104.193.111.1174435820C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC248OUTGET /a/banner/check.php?pid=110&b=762&l=0&f=n&ab=%3CClick%20to%20set%20your%20name%20here%3E&c=91DA9E9C&cid={DC960FFD-14A7-48B7-83D1-6FA0A6445A05}&rc=1&nocache=148 HTTP/1.1
                                                                                                                                                                                                                                                                                      User-Agent: ImBatch
                                                                                                                                                                                                                                                                                      Host: www.bolidesoft.com
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC352INData Raw: 48 54 54 50 2f 31 2e 30 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 30 37 20 4f 63 74 20 32 30 32 34 20 32 32 3a 34 31 3a 31 38 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 45 78 70 69 72 65 73 3a 20 54 68 75 2c 20 31 39 20 4e 6f 76 20 31 39 38 31 20 30 38 3a 35 32 3a 30 30 20 47 4d 54 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 50 48 50 53 45 53 53 49 44 3d 35 61 66 32 31 37 38 61 65 66 37 65 37 37 36 62 35 64 64 38 35 34 61 32 36 37 63 31 63 64 30 66 3b 20 70 61 74 68 3d 2f 0d 0a 55 70 67 72 61 64 65 3a 20 68 32
                                                                                                                                                                                                                                                                                      Data Ascii: HTTP/1.0 200 OKDate: Mon, 07 Oct 2024 22:41:18 GMTServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheSet-Cookie: PHPSESSID=5af2178aef7e776b5dd854a267c1cd0f; path=/Upgrade: h2
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC31INData Raw: 4f 4b 5b 32 30 32 34 31 30 30 37 5d 7b 22 66 6c 66 22 3a 22 3c 64 65 73 6b 74 6f 70 3e 22 7d
                                                                                                                                                                                                                                                                                      Data Ascii: OK[20241007]{"flf":"<desktop>"}


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      36192.168.2.849787172.67.164.2234435820C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC95OUTGET /upd/imbatch/url HTTP/1.1
                                                                                                                                                                                                                                                                                      User-Agent: ImBatchUpdater
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC658INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:18 GMT
                                                                                                                                                                                                                                                                                      Content-Length: 58
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 07 Oct 2020 14:10:43 GMT
                                                                                                                                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=1209600
                                                                                                                                                                                                                                                                                      expires: Mon, 21 Oct 2024 22:41:18 GMT
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IFS4ob670b%2FLs4VdNKoAqiNVnKaouqGzuZJpv4Ox489nFRpaGrdRHphpV%2BHbNmQZfG6%2BoG0A5TR6Ehmt2IMSC72RgrW9Yf%2FT3Eqwpk3VPLQzJYu5uWxMSBkkKV2qQBN2yj7LPIE%2Bp5DsYLArkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165d9cc078c45-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC58INData Raw: 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 69 67 68 6d 6f 74 69 6f 6e 73 6f 66 74 77 61 72 65 2e 63 6f 6d 2f 64 6f 77 6e 6c 6f 61 64 2d 63 65 6e 74 65 72 2f 69 6d 62 61 74 63 68
                                                                                                                                                                                                                                                                                      Data Ascii: https://www.highmotionsoftware.com/download-center/imbatch


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      37192.168.2.849795104.16.79.73443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC640OUTGET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.cloudflareinsights.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      Origin: https://www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC373INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:18 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/javascript;charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 19948
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Cache-Control: public, max-age=86400
                                                                                                                                                                                                                                                                                      ETag: W/"2024.6.1"
                                                                                                                                                                                                                                                                                      Last-Modified: Thu, 06 Jun 2024 15:52:56 GMT
                                                                                                                                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165da7ea6c3fa-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC996INData Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 33 34 33 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 6e 3d 30 3b 6e 3c 32 35 36 3b 2b 2b 6e 29 74 5b 6e 5d 3d 28 6e 2b 32 35 36 29 2e 74 6f 53 74 72 69 6e 67 28 31 36 29 2e 73 75 62 73 74 72 28 31 29 3b 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 76 61 72 20 72 3d 6e 7c 7c 30 2c 69 3d 74 3b 72 65 74 75 72 6e 5b 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 22 2d 22 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 22 2d 22 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 22 2d 22 2c 69 5b 65 5b 72 2b
                                                                                                                                                                                                                                                                                      Data Ascii: !function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n||0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r+
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1369INData Raw: 3b 69 66 28 61 5b 36 5d 3d 31 35 26 61 5b 36 5d 7c 36 34 2c 61 5b 38 5d 3d 36 33 26 61 5b 38 5d 7c 31 32 38 2c 74 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 31 36 3b 2b 2b 63 29 74 5b 6f 2b 63 5d 3d 61 5b 63 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 69 28 61 29 7d 7d 2c 31 36 38 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 74 68 69 73 26 26 74 68 69 73 2e 5f 5f 61 73 73 69 67 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 3d 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 3d 31 2c 72 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 6e 3c 72 3b 6e 2b 2b 29 66 6f 72 28 76 61 72 20 69 20 69 6e 20 74 3d 61 72 67
                                                                                                                                                                                                                                                                                      Data Ascii: ;if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,t)for(var c=0;c<16;++c)t[o+c]=a[c];return t||i(a)}},168:function(e,t,n){"use strict";var r=this&&this.__assign||function(){return r=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var i in t=arg
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1369INData Raw: 72 63 68 50 61 72 61 6d 73 29 7b 76 61 72 20 79 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 67 2e 72 65 70 6c 61 63 65 28 2f 5e 5b 5e 5c 3f 5d 2b 5c 3f 3f 2f 2c 22 22 29 29 2c 68 3d 79 2e 67 65 74 28 22 74 6f 6b 65 6e 22 29 3b 68 26 26 28 70 2e 74 6f 6b 65 6e 3d 68 29 3b 76 61 72 20 54 3d 79 2e 67 65 74 28 22 73 70 61 22 29 3b 70 2e 73 70 61 3d 6e 75 6c 6c 3d 3d 3d 54 7c 7c 22 74 72 75 65 22 3d 3d 3d 54 7d 7d 70 26 26 22 6d 75 6c 74 69 22 21 3d 3d 70 2e 6c 6f 61 64 26 26 28 70 2e 6c 6f 61 64 3d 22 73 69 6e 67 6c 65 22 29 2c 77 69 6e 64 6f 77 2e 5f 5f 63 66 42 65 61 63 6f 6e 3d 70 7d 69 66 28 73 26 26 70 26 26 70 2e 74 6f 6b 65 6e 29 7b 76 61 72 20 77 2c 53 2c 62 3d 21 31 3b 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74
                                                                                                                                                                                                                                                                                      Data Ascii: rchParams){var y=new URLSearchParams(g.replace(/^[^\?]+\??/,"")),h=y.get("token");h&&(p.token=h);var T=y.get("spa");p.spa=null===T||"true"===T}}p&&"multi"!==p.load&&(p.load="single"),window.__cfBeacon=p}if(s&&p&&p.token){var w,S,b=!1;document.addEventList
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1369INData Raw: 2e 74 69 6d 69 6e 67 73 56 32 3d 7b 7d 2c 64 2e 76 65 72 73 69 6f 6e 73 2e 74 69 6d 69 6e 67 73 3d 32 2c 64 2e 64 74 3d 6d 5b 30 5d 2e 64 65 6c 69 76 65 72 79 54 79 70 65 2c 64 65 6c 65 74 65 20 64 2e 74 69 6d 69 6e 67 73 2c 74 28 6d 5b 30 5d 2c 64 2e 74 69 6d 69 6e 67 73 56 32 29 29 7d 31 3d 3d 3d 64 2e 76 65 72 73 69 6f 6e 73 2e 74 69 6d 69 6e 67 73 26 26 74 28 63 2c 64 2e 74 69 6d 69 6e 67 73 29 2c 74 28 75 2c 64 2e 6d 65 6d 6f 72 79 29 7d 65 6c 73 65 20 4f 28 64 29 3b 72 65 74 75 72 6e 20 64 2e 66 69 72 73 74 50 61 69 6e 74 3d 6b 28 22 66 69 72 73 74 2d 70 61 69 6e 74 22 29 2c 64 2e 66 69 72 73 74 43 6f 6e 74 65 6e 74 66 75 6c 50 61 69 6e 74 3d 6b 28 22 66 69 72 73 74 2d 63 6f 6e 74 65 6e 74 66 75 6c 2d 70 61 69 6e 74 22 29 2c 70 26 26 28 70 2e 69 63
                                                                                                                                                                                                                                                                                      Data Ascii: .timingsV2={},d.versions.timings=2,d.dt=m[0].deliveryType,delete d.timings,t(m[0],d.timingsV2))}1===d.versions.timings&&t(c,d.timings),t(u,d.memory)}else O(d);return d.firstPaint=k("first-paint"),d.firstContentfulPaint=k("first-contentful-paint"),p&&(p.ic
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1369INData Raw: 65 72 65 64 3a 21 30 7d 7d 3b 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 3d 77 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 3f 52 28 29 3a 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 73 65 74 54 69 6d 65 6f 75 74 28 52 29 7d 29 29 3b 76 61 72 20 41 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 4c 26 26 30 3d 3d 3d 76 2e 66 69 6c 74 65 72 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 69 64 3d 3d 3d 6c 7d 29 29 2e 6c 65 6e 67 74 68 7d 2c 5f 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 2e 70 75 73 68 28 7b 69 64 3a 6c 2c 75 72 6c 3a 65 2c 74 73 3a 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65
                                                                                                                                                                                                                                                                                      Data Ascii: ered:!0}};"complete"===window.document.readyState?R():window.addEventListener("load",(function(){window.setTimeout(R)}));var A=function(){return L&&0===v.filter((function(e){return e.id===l})).length},_=function(e){v.push({id:l,url:e,ts:(new Date).getTime
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1369INData Raw: 72 63 65 4c 6f 61 64 54 69 6d 65 2c 45 2e 6c 63 70 2e 65 72 64 3d 63 2e 65 6c 65 6d 65 6e 74 52 65 6e 64 65 72 44 65 6c 61 79 2c 45 2e 6c 63 70 2e 69 74 3d 6e 75 6c 6c 3d 3d 3d 28 69 3d 63 2e 6c 63 70 52 65 73 6f 75 72 63 65 45 6e 74 72 79 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 69 3f 76 6f 69 64 20 30 3a 69 2e 69 6e 69 74 69 61 74 6f 72 54 79 70 65 2c 45 2e 6c 63 70 2e 66 70 3d 6e 75 6c 6c 3d 3d 3d 28 61 3d 6e 75 6c 6c 3d 3d 3d 28 6f 3d 63 2e 6c 63 70 45 6e 74 72 79 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 6f 3f 76 6f 69 64 20 30 3a 6f 2e 65 6c 65 6d 65 6e 74 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 61 3f 76 6f 69 64 20 30 3a 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 66 65 74 63 68 70 72 69 6f 72 69 74 79 22 29 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 49 4e 50 22
                                                                                                                                                                                                                                                                                      Data Ascii: rceLoadTime,E.lcp.erd=c.elementRenderDelay,E.lcp.it=null===(i=c.lcpResourceEntry)||void 0===i?void 0:i.initiatorType,E.lcp.fp=null===(a=null===(o=c.lcpEntry)||void 0===o?void 0:o.element)||void 0===a?void 0:a.getAttribute("fetchpriority"));break;case"INP"
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1369INData Raw: 64 65 64 42 6f 64 79 53 69 7a 65 26 26 28 72 2e 64 65 63 6f 64 65 64 42 6f 64 79 53 69 7a 65 3d 6e 5b 30 5d 2e 64 65 63 6f 64 65 64 42 6f 64 79 53 69 7a 65 29 2c 65 2e 64 74 3d 6e 5b 30 5d 2e 64 65 6c 69 76 65 72 79 54 79 70 65 29 2c 74 28 72 2c 65 2e 74 69 6d 69 6e 67 73 56 32 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 6b 28 65 29 7b 76 61 72 20 74 3b 69 66 28 22 66 69 72 73 74 2d 63 6f 6e 74 65 6e 74 66 75 6c 2d 70 61 69 6e 74 22 3d 3d 3d 65 26 26 45 2e 66 63 70 26 26 45 2e 66 63 70 2e 76 61 6c 75 65 29 72 65 74 75 72 6e 20 45 2e 66 63 70 2e 76 61 6c 75 65 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 73 2e 67 65 74 45 6e 74 72 69 65 73 42 79 54 79 70 65 29 7b 76 61 72 20 6e 3d 6e 75 6c 6c 3d 3d 3d 28 74 3d 73 2e 67 65 74 45 6e 74 72 69
                                                                                                                                                                                                                                                                                      Data Ascii: dedBodySize&&(r.decodedBodySize=n[0].decodedBodySize),e.dt=n[0].deliveryType),t(r,e.timingsV2)}}function k(e){var t;if("first-contentful-paint"===e&&E.fcp&&E.fcp.value)return E.fcp.value;if("function"==typeof s.getEntriesByType){var n=null===(t=s.getEntri
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1369INData Raw: 76 65 6e 74 54 79 70 65 3d 7b 7d 29 29 5b 72 2e 4c 6f 61 64 3d 31 5d 3d 22 4c 6f 61 64 22 2c 72 5b 72 2e 41 64 64 69 74 69 6f 6e 61 6c 3d 32 5d 3d 22 41 64 64 69 74 69 6f 6e 61 6c 22 2c 72 5b 72 2e 57 65 62 56 69 74 61 6c 73 56 32 3d 33 5d 3d 22 57 65 62 56 69 74 61 6c 73 56 32 22 2c 28 6e 3d 74 2e 46 65 74 63 68 50 72 69 6f 72 69 74 79 7c 7c 28 74 2e 46 65 74 63 68 50 72 69 6f 72 69 74 79 3d 7b 7d 29 29 2e 48 69 67 68 3d 22 68 69 67 68 22 2c 6e 2e 4c 6f 77 3d 22 6c 6f 77 22 2c 6e 2e 41 75 74 6f 3d 22 61 75 74 6f 22 7d 2c 31 30 34 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 2c 6e 2c 72 2c 69 2c 6f 2c 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77
                                                                                                                                                                                                                                                                                      Data Ascii: ventType={}))[r.Load=1]="Load",r[r.Additional=2]="Additional",r[r.WebVitalsV2=3]="WebVitalsV2",(n=t.FetchPriority||(t.FetchPriority={})).High="high",n.Low="low",n.Auto="auto"},104:function(e,t){!function(e){"use strict";var t,n,r,i,o,a=function(){return w
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1369INData Raw: 30 3f 72 3d 22 70 72 65 72 65 6e 64 65 72 22 3a 64 6f 63 75 6d 65 6e 74 2e 77 61 73 44 69 73 63 61 72 64 65 64 3f 72 3d 22 72 65 73 74 6f 72 65 22 3a 6e 2e 74 79 70 65 26 26 28 72 3d 6e 2e 74 79 70 65 2e 72 65 70 6c 61 63 65 28 2f 5f 2f 67 2c 22 2d 22 29 29 29 2c 7b 6e 61 6d 65 3a 65 2c 76 61 6c 75 65 3a 76 6f 69 64 20 30 3d 3d 3d 74 3f 2d 31 3a 74 2c 72 61 74 69 6e 67 3a 22 67 6f 6f 64 22 2c 64 65 6c 74 61 3a 30 2c 65 6e 74 72 69 65 73 3a 5b 5d 2c 69 64 3a 22 76 33 2d 22 2e 63 6f 6e 63 61 74 28 44 61 74 65 2e 6e 6f 77 28 29 2c 22 2d 22 29 2e 63 6f 6e 63 61 74 28 4d 61 74 68 2e 66 6c 6f 6f 72 28 38 39 39 39 39 39 39 39 39 39 39 39 39 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2b 31 65 31 32 29 2c 6e 61 76 69 67 61 74 69 6f 6e 54 79 70 65 3a 72 7d 7d 2c
                                                                                                                                                                                                                                                                                      Data Ascii: 0?r="prerender":document.wasDiscarded?r="restore":n.type&&(r=n.type.replace(/_/g,"-"))),{name:e,value:void 0===t?-1:t,rating:"good",delta:0,entries:[],id:"v3-".concat(Date.now(),"-").concat(Math.floor(8999999999999*Math.random())+1e12),navigationType:r}},
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1369INData Raw: 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 76 69 73 69 62 69 6c 69 74 79 63 68 61 6e 67 65 22 2c 62 2c 21 30 29 2c 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 70 72 65 72 65 6e 64 65 72 69 6e 67 63 68 61 6e 67 65 22 2c 62 2c 21 30 29 7d 2c 43 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 3c 30 26 26 28 77 3d 53 28 29 2c 45 28 29 2c 6c 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 73 65 74 54 69 6d 65 6f 75 74 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 3d 53 28 29 2c 45 28 29 7d 29 2c 30 29 7d 29 29 29 2c 7b 67 65 74 20 66 69 72 73 74 48 69 64 64 65 6e 54 69 6d 65 28 29 7b 72 65 74 75 72 6e 20 77 7d 7d 7d 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 64 6f 63 75 6d 65 6e 74 2e 70
                                                                                                                                                                                                                                                                                      Data Ascii: function(){removeEventListener("visibilitychange",b,!0),removeEventListener("prerenderingchange",b,!0)},C=function(){return w<0&&(w=S(),E(),l((function(){setTimeout((function(){w=S(),E()}),0)}))),{get firstHiddenTime(){return w}}},P=function(e){document.p


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      38192.168.2.849797157.240.251.35443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC868OUTGET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2FImBatch&width=550&height=290&show_faces=true&colorscheme=light&stream=false&border_color&header=true&appId=254901247880888 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.facebook.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: iframe
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC770INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                      reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7423167547787923565", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7423167547787923565"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                                                                                                                                                                                                                                                      Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1679INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 62 72 6f 77 73 69 6e 67 2d 74 6f 70 69 63 73 3d 28 73 65 6c 66 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63
                                                                                                                                                                                                                                                                                      Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), c
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1500INData Raw: 31 61 34 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 73 76 67 20 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 6f 72 69 67 69 6e 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 4d 61 71 4c 44 51 4c 7a 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61
                                                                                                                                                                                                                                                                                      Data Ascii: 1a46<!DOCTYPE html><html lang="en" id="facebook" class="no_svg no_js"><head><meta charset="utf-8" /><meta name="referrer" content="origin-when-crossorigin" id="meta_referrer" /><script nonce="MaqLDQLz">function envFlush(a){function b(b){for(var c in a
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1500INData Raw: 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 4b 2f 6c 2f 30 2c 63 72 6f 73 73 2f 4f 30 55 7a 32 51 30 6a 79 4b 65 2e 63 73 73 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 49 54 63 42 75 58 50 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 2f 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 77 2f 72 2f 75 35 4f 4d 56 4c 56 6e 56 77 48 2e 6a 73 22 20 64 61 74 61 2d 62 6f 6f 74 6c 6f 61 64 65 72 2d 68 61 73 68 3d 22 56 51 31 43 70 4f 51 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63
                                                                                                                                                                                                                                                                                      Data Ascii: //static.xx.fbcdn.net/rsrc.php/v3/yK/l/0,cross/O0Uz2Q0jyKe.css" data-bootloader-hash="ITcBuXP" crossorigin="anonymous" /><script src="https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/u5OMVLVnVwH.js" data-bootloader-hash="VQ1CpOQ" crossorigin="anonymous"></sc
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1500INData Raw: 6e 75 6c 6c 7d 2c 22 35 39 31 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 35 39 37 31 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 35 30 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 37 35 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 37 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 31 32 32 31 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 35 35 37 31 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a
                                                                                                                                                                                                                                                                                      Data Ascii: null},"5918":{"result":false,"hash":null},"5971":{"result":false,"hash":null},"21050":{"result":false,"hash":null},"21075":{"result":false,"hash":null},"21076":{"result":true,"hash":null},"1221":{"result":false,"hash":null},"25571":{"result":false,"hash":
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC1500INData Raw: 39 36 30 22 2c 5b 22 44 54 53 47 5f 41 53 59 4e 43 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 44 54 53 47 5f 41 53 59 4e 43 22 2c 6e 75 6c 6c 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 36 39 36 37 30 33 22 2c 5b 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 6e 75 6c 6c 2c 6e 75 6c 6c 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 37 30 38 38 38 36 22 2c 5b 22 45 76 65 6e 74 50 72 6f 66 69 6c 65 72 49 6d 70 6c 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 45 76 65 6e 74 50 72 6f 66 69 6c 65 72 49 6d 70 6c 22 2c 6e 75 6c 6c 5d 7d 2c 2d 31 5d 2c 5b 22 53 65 72 76 65 72 4e 6f 6e 63 65 22 2c 5b 5d 2c 7b 22 53 65 72 76 65 72 4e 6f 6e 63 65 22 3a 22 56 46 71 7a 39 48 75 35 54 48 54 37 4d 6e 5a 4f 6e 36 56 4d 73 79 22 7d 2c 31 34 31 5d 2c 5b 22 4b 53 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 22 6b 69 6c 6c 65
                                                                                                                                                                                                                                                                                      Data Ascii: 960",["DTSG_ASYNC"],{"__rc":["DTSG_ASYNC",null]},-1],["cr:696703",[],{"__rc":[null,null]},-1],["cr:708886",["EventProfilerImpl"],{"__rc":["EventProfilerImpl",null]},-1],["ServerNonce",[],{"ServerNonce":"VFqz9Hu5THT7MnZOn6VMsy"},141],["KSConfig",[],{"kille
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC734INData Raw: 5f 6f 65 6d 62 65 64 22 2c 22 74 65 64 5f 6f 65 6d 62 65 64 22 2c 22 74 65 6e 6f 72 5f 61 70 69 22 2c 22 74 65 6e 6f 72 5f 69 6d 61 67 65 73 22 2c 22 74 65 6e 6f 72 5f 6d 65 64 69 61 22 2c 22 74 69 6b 74 6f 6b 5f 6f 65 6d 62 65 64 22 2c 22 74 77 69 74 74 65 72 5f 61 6e 61 6c 79 74 69 63 73 5f 70 69 78 65 6c 22 2c 22 74 77 69 74 74 65 72 5f 61 6e 61 6c 79 74 69 63 73 5f 70 69 78 65 6c 5f 69 6d 67 22 2c 22 74 77 69 74 74 65 72 5f 6c 65 67 61 63 79 5f 65 6d 62 65 64 22 2c 22 76 69 6d 65 6f 5f 6f 65 6d 62 65 64 22 2c 22 79 6f 75 74 75 62 65 5f 65 6d 62 65 64 22 2c 22 79 6f 75 74 75 62 65 5f 6f 65 6d 62 65 64 22 2c 22 61 64 76 65 72 74 69 73 65 72 5f 68 6f 73 74 65 64 5f 70 69 78 65 6c 22 2c 22 61 69 72 62 75 73 5f 73 61 74 22 2c 22 61 6d 61 7a 6f 6e 5f 6d 65
                                                                                                                                                                                                                                                                                      Data Ascii: _oembed","ted_oembed","tenor_api","tenor_images","tenor_media","tiktok_oembed","twitter_analytics_pixel","twitter_analytics_pixel_img","twitter_legacy_embed","vimeo_oembed","youtube_embed","youtube_oembed","advertiser_hosted_pixel","airbus_sat","amazon_me
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1500INData Raw: 32 62 33 37 0d 0a 72 69 65 73 22 2c 22 67 6f 6f 67 6c 65 5f 6f 61 75 74 68 5f 61 70 69 22 2c 22 67 6f 6f 67 6c 65 5f 72 65 63 61 70 74 63 68 61 22 2c 22 68 65 72 65 5f 6d 61 70 5f 65 78 74 22 2c 22 68 69 76 65 5f 73 74 72 65 61 6d 69 6e 67 5f 76 69 64 65 6f 22 2c 22 69 73 70 74 6f 6f 6c 62 6f 78 22 2c 22 6a 71 75 65 72 79 22 2c 22 6a 73 5f 64 65 6c 69 76 72 22 2c 22 6b 62 61 6e 6b 22 2c 22 6d 61 74 68 6a 61 78 22 2c 22 6d 65 74 61 5f 70 69 78 65 6c 22 2c 22 6d 69 63 72 6f 73 6f 66 74 5f 65 78 63 65 6c 22 2c 22 6d 69 63 72 6f 73 6f 66 74 5f 6f 66 66 69 63 65 5f 61 64 64 69 6e 22 2c 22 6d 69 63 72 6f 73 6f 66 74 5f 6f 6e 65 64 72 69 76 65 22 2c 22 6d 69 63 72 6f 73 6f 66 74 5f 73 70 65 65 63 68 22 2c 22 6d 69 63 72 6f 73 6f 66 74 5f 74 65 61 6d 73 22 2c 22
                                                                                                                                                                                                                                                                                      Data Ascii: 2b37ries","google_oauth_api","google_recaptcha","here_map_ext","hive_streaming_video","isptoolbox","jquery","js_delivr","kbank","mathjax","meta_pixel","microsoft_excel","microsoft_office_addin","microsoft_onedrive","microsoft_speech","microsoft_teams","
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1500INData Raw: 65 64 72 69 76 65 22 2c 22 6d 69 63 72 6f 73 6f 66 74 5f 73 70 65 65 63 68 22 2c 22 6d 69 63 72 6f 73 6f 66 74 5f 74 65 61 6d 73 22 2c 22 6d 6d 69 5f 74 69 6c 65 73 22 2c 22 6f 70 65 6e 5f 73 74 72 65 65 74 5f 6d 61 70 22 2c 22 70 61 79 70 61 6c 5f 62 69 6c 6c 69 6e 67 5f 61 67 72 65 65 6d 65 6e 74 22 2c 22 70 61 79 70 61 6c 5f 6f 61 75 74 68 5f 61 70 69 22 2c 22 70 61 79 75 22 2c 22 70 6c 61 69 64 22 2c 22 70 6c 61 74 66 6f 72 6d 69 7a 65 64 5f 61 64 79 65 6e 5f 63 68 65 63 6b 6f 75 74 22 2c 22 70 6c 6f 74 6c 79 22 2c 22 70 79 64 61 74 61 22 2c 22 72 65 63 72 75 69 74 69 63 73 22 2c 22 72 73 74 75 64 69 6f 22 2c 22 73 61 6c 65 73 66 6f 72 63 65 5f 6c 69 67 68 74 69 6e 67 22 2c 22 73 74 72 69 70 65 22 2c 22 74 65 61 6d 5f 63 65 6e 74 65 72 22 2c 22 74 72
                                                                                                                                                                                                                                                                                      Data Ascii: edrive","microsoft_speech","microsoft_teams","mmi_tiles","open_street_map","paypal_billing_agreement","paypal_oauth_api","payu","plaid","platformized_adyen_checkout","plotly","pydata","recruitics","rstudio","salesforce_lighting","stripe","team_center","tr
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1500INData Raw: 68 46 6f 72 41 6c 72 65 61 64 79 52 65 71 75 69 72 65 64 22 3a 74 72 75 65 2c 22 65 61 72 6c 79 52 65 71 75 69 72 65 4c 61 7a 79 22 3a 66 61 6c 73 65 2c 22 65 6e 61 62 6c 65 54 69 6d 65 6f 75 74 4c 6f 67 67 69 6e 67 46 6f 72 4e 6f 6e 43 6f 6d 65 74 22 3a 66 61 6c 73 65 2c 22 64 65 66 65 72 4c 6f 6e 67 54 61 69 6c 4d 61 6e 69 66 65 73 74 22 3a 74 72 75 65 2c 22 6c 61 7a 79 53 6f 54 22 3a 66 61 6c 73 65 2c 22 74 72 61 6e 73 6c 61 74 69 6f 6e 52 65 74 72 69 65 73 22 3a 5b 32 30 30 2c 35 30 30 5d 2c 22 74 72 61 6e 73 6c 61 74 69 6f 6e 52 65 74 72 79 41 62 6f 72 74 4e 75 6d 22 3a 33 2c 22 74 72 61 6e 73 6c 61 74 69 6f 6e 52 65 74 72 79 41 62 6f 72 74 54 69 6d 65 22 3a 35 30 7d 2c 33 32 39 5d 2c 5b 22 43 53 53 4c 6f 61 64 65 72 43 6f 6e 66 69 67 22 2c 5b 5d 2c
                                                                                                                                                                                                                                                                                      Data Ascii: hForAlreadyRequired":true,"earlyRequireLazy":false,"enableTimeoutLoggingForNonComet":false,"deferLongTailManifest":true,"lazySoT":false,"translationRetries":[200,500],"translationRetryAbortNum":3,"translationRetryAbortTime":50},329],["CSSLoaderConfig",[],


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      39192.168.2.849798184.28.90.27443
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                                                                                                                      Host: fs.microsoft.com
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC467INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                                                                                                                                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                                                                                                                      Server: ECAcc (lpl/EF45)
                                                                                                                                                                                                                                                                                      X-CID: 11
                                                                                                                                                                                                                                                                                      X-Ms-ApiVersion: Distribute 1.2
                                                                                                                                                                                                                                                                                      X-Ms-Region: prod-weu-z1
                                                                                                                                                                                                                                                                                      Cache-Control: public, max-age=151463
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      X-CID: 2


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      40192.168.2.849806104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC690OUTGET /sites/all/themes/freshmade/img/content-wrapper.gif HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978o
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC695INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:18 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Content-Length: 1401
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:50:17 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:43 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183135
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UpJhAbjGAUD%2F2tf34C1IHBqnDoGOSXYmOpmwwWNbUXk1g0iUWRJApwM1ZOXftB%2F9qGdkioBvBPITr7gT%2BsvER744%2BkLkFrWJnfQ0lZFcSbaKGKrdcZWpjRlsUIdXUhX4%2FBjcgp7VxvkYXszMRA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165dd9ee24270-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC674INData Raw: 47 49 46 38 39 61 e8 03 96 00 c4 00 00 f3 f3 f3 f1 f1 f1 ee ee ee df df df e4 e4 e4 dd dd dd f4 f4 f4 d2 d2 d2 ef ef ef ec ec ec e8 e8 e8 e2 e2 e2 e6 e6 e6 d5 d5 d5 eb eb eb e9 e9 e9 d8 d8 d8 db db db ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 f9 04 00 00 00 00 00 2c 00 00 00 00 e8 03 96 00 00 05 ff a0 01 00 41 80 08 89 f3 28 0c b1 0c 45 04 35 87 64 df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf c2 43 03 12 29 0c 16 04 86 e2 e1 48 08 10 a5 91 41 44 32 a1 54 2c 17 4c 46 03 fb ff 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 43 62 64 66 68 6a 6c 6e 70 01 72 74 25 27 29 2b 2d 2f 31 33 35 8f a5 a6 a7 a8 a9 aa ab ac ad
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a!,A(E5dx|pH,rl:tJZvzC)HAD2T,LFCbdfhjlnprt%')+-/135
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC727INData Raw: f2 21 7b f6 95 a8 e2 8a 2c 4a 71 62 7d ff b5 28 e3 8c 34 06 f1 a2 7f 08 d6 a8 e3 8e 34 de 78 60 84 3c 06 29 a4 88 3e 42 38 e4 91 48 72 58 e4 76 49 36 e9 64 82 4b 66 f8 e4 94 54 be 17 65 88 55 66 a9 a5 75 57 a6 b8 e5 97 60 02 d7 65 8c 61 96 69 a6 69 63 e6 78 e6 9a 6c 3a 96 26 90 6d c6 29 27 5f 6f ce 69 e7 9d 71 d5 89 e7 9e 7c 7e a5 67 9f 80 06 4a d4 9f 82 16 6a 28 4c 84 1e aa e8 a2 11 25 ca e8 a3 90 ee e3 68 a4 94 56 da 20 6d ea e0 14 99 78 28 92 69 e9 a7 a0 2e 33 69 a8 a4 96 0a cb a8 a6 a6 aa aa 87 98 d6 85 d5 70 0f 32 b9 ea ac b4 3a 82 6a ad b8 e6 ea c7 ad ba f6 ea eb 15 bc fe 2a ec b0 82 b5 4a 91 59 ce 19 68 24 b1 cc 36 eb 44 b0 ce 46 2b ad 0e d0 4e 6b 6d ff b4 d5 5e ab ed b0 d9 6e eb ad ae dd 7e 2b ee ac e1 8e 6b 6e a9 e5 9e ab ae a5 e9 ae eb ee a3 ed
                                                                                                                                                                                                                                                                                      Data Ascii: !{,Jqb}(44x`<)>B8HrXvI6dKfTeUfuW`eaiicxl:&m)'_oiq|~gJj(L%hV mx(i.3ip2:j*JYh$6DF+Nkm^n~+kn


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      41192.168.2.849804104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC695OUTGET /sites/all/themes/freshmade/img/navigation-wrapper-2.gif HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978o
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC696INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:18 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Content-Length: 3065
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:50:45 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:41:51 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338367
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ls%2Fx54UmiDyyhiiU%2BoPrhFgXDExtyVnmDC%2BthoQWs8BWhV5ovpVAxdACs3f6YGTYn6%2FUMRqIAA9HxekY5Qb4pa1gpt%2BFShKX6Tu1SOOz96hrFiX3bXiW6BQE20uz%2FG9JeORud8qQA5s5ChHZBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165dd9da66a4f-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC673INData Raw: 47 49 46 38 39 61 e8 03 2e 00 f7 ff 00 a1 61 29 a5 5d 1f 9d 5a 20 a5 66 2d a2 60 26 b5 72 34 9e 5c 21 aa 60 20 bf 78 37 98 56 1d 9a 57 1e ac 62 22 a7 60 22 f2 9a 4c b0 66 25 a0 5e 24 be 76 34 bb 74 33 b5 6c 2a a1 5b 1e bc 76 36 ae 64 24 ad 66 27 bb 7a 42 b9 73 33 ba 72 30 cb 85 48 a6 5e 20 c1 72 2a b9 70 2f b8 6e 2d ba 74 34 b4 6c 2c ae 66 26 c3 7b 38 bc 73 31 b4 71 32 a1 5c 1f b1 6a 2c b0 68 28 b4 6f 30 be 78 37 aa 6a 30 b6 6f 2d a3 5c 1f b8 70 30 ae 68 2a b1 6a 2a ac 6a 2e b7 6e 2c b0 67 26 a8 62 24 b4 6a 29 b2 68 28 b6 70 30 9f 5a 1e da 8a 45 d4 86 43 b8 74 35 ba 73 32 b2 6c 2c ae 6c 30 b0 69 2a b0 6e 32 95 54 1c ac 6c 31 ab 64 25 b5 6a 27 a7 5e 1f a8 68 2f b2 6e 31 aa 67 2c a8 67 2c c9 83 47 af 6b 2e d5 8b 4b bc 6e 28 aa 63 24 a5 63 28 ae 6b 2e b2 6d
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a.a)]Z f-`&r4\!` x7VWb"`"Lf%^$v4t3l*[v6d$f'zBs3r0H^ r*p/n-t4l,f&{8s1q2\j,h(o0x7j0o-\p0h*j*j.n,g&b$j)h(p0ZECt5s2l,l0i*n2Tl1d%j'^h/n1g,g,Gk.Kn(c$c(k.m
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: ef 98 4b e4 90 47 b3 6b 2a 94 53 1c 9d 5e 26 9c 5b 23 b5 6e 2e ba 76 35 b6 6d 2e b5 72 33 97 58 20 ad 69 2e ab 6c 30 af 69 2b b6 73 35 b1 6e 2f b0 67 27 a7 64 27 a3 5f 23 ac 65 25 94 53 1b 94 54 1b bd 75 33 9d 59 1e 95 55 1d b2 69 29 ae 67 27 aa 63 25 99 5a 22 ab 61 21 97 57 20 9d 5d 26 b8 71 31 be 76 33 b8 70 2e ff ff ff 21 f9 04 01 00 00 ff 00 2c 00 00 00 00 e8 03 2e 00 00 08 ff 00 1b 08 14 c8 8d 5b 14 29 52 b2 2d eb e6 ec ca 15 1c 38 72 e4 f8 47 b1 a2 c5 8b 18 33 6a dc c8 b1 a3 c7 8f 20 43 8a 1c 49 b2 a4 c9 93 28 53 aa 5c c9 b2 a5 cb 97 30 63 ca 9c 49 b3 a6 cd 9b 38 73 ea dc c9 b3 27 48 89 10 1d 3a eb b6 2c 1b c2 28 05 07 0a 14 c1 34 58 30 5b 08 d8 b0 29 c6 4a 87 ba 02 d1 52 65 ba 06 ab 8e cf af 60 c3 8a 1d 4b b6 ac d9 b3 68 d3 aa 5d cb b6 ad db b7 21
                                                                                                                                                                                                                                                                                      Data Ascii: KGk*S^&[#n.v5m.r3X i.l0i+s5n/g'd'_#e%STu3YUi)g'c%Z"a!W ]&q1v3p.!,.[)R-8rG3j CI(S\0cI8s'H:,(4X0[)JRe`Kh]!
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1023INData Raw: da 07 1f 08 10 4c 27 d8 61 98 6a f4 c1 0b e6 b0 4a 67 aa 52 02 73 98 43 3d a6 69 0f 0b 3c 72 96 66 c8 e6 03 22 c1 ff 4d 70 fa f3 9f 00 ed d1 23 22 f1 00 72 16 a2 1d 76 98 c2 14 2c 20 88 13 28 32 9e ed a4 c1 2a eb 41 d1 13 d8 23 16 16 d0 85 2e ec 90 4f 7d fe a2 9f 01 0d a9 48 47 ba 9e 70 10 b4 a0 d3 30 83 1d 34 6a 01 7b 34 f4 04 14 95 28 0d 66 5a 8f 13 9c 80 1d ec 08 81 05 08 a1 0b 30 d8 61 1a 71 70 c7 03 3e 1a 0e 92 1a f5 a8 48 0d 4e 38 1e f1 80 82 c6 61 1a ab 00 03 18 16 1a 02 76 d8 f4 04 34 ad 41 3d 6a 60 53 76 d8 a3 0f 42 10 c2 3d 56 01 09 a0 72 61 a8 e1 d8 43 52 d7 ca d6 b6 52 66 0f 8f f8 c5 03 b8 10 87 38 c8 e2 1e 60 20 04 21 fa 60 8f 10 d8 94 a2 35 e0 ea 09 64 90 d3 9d 0a a1 0b ab 90 05 50 dd c1 85 5f 18 20 1c da 70 ab 64 27 4b 59 b2 e0 23 1c 06 90
                                                                                                                                                                                                                                                                                      Data Ascii: L'ajJgRsC=i<rf"Mp#"rv, (2*A#.O}HGp04j{4(fZ0aqp>HN8av4A=j`SvB=VraCRRf8` !`5dP_ pd'KY#


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      42192.168.2.849807104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC705OUTGET /sites/all/libraries/superfish/images/arrows-ffffff.png HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/sites/all/libraries/superfish/css/superfish.css?s7978o
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC695INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:18 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/png
                                                                                                                                                                                                                                                                                      Content-Length: 250
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:45:42 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:41:51 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338367
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uC5jN%2FOV0ySGUYOz%2FnZzP06PpyZcY11nJL%2FCpgWpIG8NcCil%2FEkda2i0fIOIfiJNyK2M%2BxPAQeTPf4QsBWpe1f0L5WCaZpkAl2F4JA8EFhrt6dxNRJR0waedbMxHmZGvAmLOy44%2BT7aDdboeZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165dd9d1a7cf9-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC250INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 14 00 00 00 6e 08 06 00 00 00 27 30 33 aa 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 00 9c 49 44 41 54 78 da ec d9 51 0a 80 30 08 80 e1 94 8e b4 fb 9f a0 3b 19 8b 9e 62 9b ce 0a 22 7e 5f 86 43 3f 86 b0 27 c5 cc 96 27 43 2f f9 16 ec b3 28 78 1b d5 4e 71 1a d5 41 71 0a 55 a7 78 1a f5 c0 12 04 25 02 4e 63 23 30 85 f5 c0 34 76 5c be fd 53 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ff 08 ae e7 19 d9 74 d7 ad ae 45 5f 58 02 58 0d 71 ea 44 1b 4d 3d 6c 71 50 69 cd b0 38 79 0f 1d ee e8 4b 70 0c d2 c2 bf bf 01 df 05 18 00 85 2e 17 45 26 fa 51 fe 00 00 00 00 49 45 4e 44 ae 42 60 82
                                                                                                                                                                                                                                                                                      Data Ascii: PNGIHDRn'03tEXtSoftwareAdobe ImageReadyqe<IDATxQ0;b"~_C?''C/(xNqAqUx%Nc#04v\StE_XXqDM=lqPi8yKp.E&QIENDB`


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      43192.168.2.849805104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC666OUTGET /sites/all/modules/languageicons/flags/ru.png HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC698INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:18 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/png
                                                                                                                                                                                                                                                                                      Content-Length: 121
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Tue, 28 Oct 2014 12:45:43 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 20 Oct 2024 20:13:03 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 1477695
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qJU%2B%2B3ZG6VkaUuJ0afGGsGLkIqE8GNkQ2KinEuKXYG%2FsgWdpwnh7RBB5e%2FQdxcaV1jKTZXeuKUyCb%2FIuvCm64O8G3AfJPEYe4UIsJeIxGKd5ehx95iBbDmNF8lzhiqLh2WFG%2BEPUA%2FDCFztCxA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165dd98c8c34a-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC121INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 12 00 00 00 0c 02 03 00 00 00 12 7c 05 2f 00 00 00 09 50 4c 54 45 00 00 ff ff 00 00 ff ff ff f5 2f 2e 2e 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 16 49 44 41 54 08 5b 63 58 05 04 0b 18 30 49 5c 20 14 08 02 30 49 00 63 2d 13 b1 4e 81 eb 9a 00 00 00 00 49 45 4e 44 ae 42 60 82
                                                                                                                                                                                                                                                                                      Data Ascii: PNGIHDR|/PLTE/..pHYsIDAT[cX0I\ 0Ic-NIENDB`


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      44192.168.2.849809104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC666OUTGET /sites/all/modules/languageicons/flags/en.png HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC720INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:18 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/png
                                                                                                                                                                                                                                                                                      Content-Length: 210
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Tue, 28 Oct 2014 12:45:43 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:43 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183135
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RCDq2k0W9L2z%2FB5ppVYsMWVWar5DhXBbggECmM%2B92cbW3kXLrExOClogNTGvzLZa4xRYTnL4iwe29XNRwwvRYhp6W0Nq04z2Xz1WyEp8hTGMWLJA0FjMYeOILT9b9MI5ERUKFzj%2FobJ4PyAM8g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165dd98648c90-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC210INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 0c 04 03 00 00 00 8a 1e 60 46 00 00 00 27 50 4c 54 45 00 24 7d 1d 3d 8c 26 45 91 cf 14 2b db 50 62 de 66 76 a0 90 b2 ed a7 af cb c2 d5 f3 c5 ca f5 d0 d5 f7 d6 da fc f1 f3 ff cd 76 26 00 00 00 04 67 49 46 67 00 00 00 0a 7c 59 ed 53 00 00 00 56 49 44 41 54 08 d7 63 f0 3c a1 c0 c0 b0 d9 9a 81 81 31 d5 93 21 15 c4 03 72 80 ec 13 60 42 61 b3 35 98 02 4b 9f d8 6c 0d 61 af 02 81 62 73 30 c5 60 8c 04 50 39 28 ca 18 98 7a a6 84 6d b6 06 12 02 10 b6 c0 66 6b 30 c5 00 26 80 96 82 78 0c 60 69 90 73 80 3c 00 f5 b6 31 25 09 2a 1b 73 00 00 00 00 49 45 4e 44 ae 42 60 82
                                                                                                                                                                                                                                                                                      Data Ascii: PNGIHDR`F'PLTE$}=&E+Pbfvv&gIFg|YSVIDATc<1!r`Ba5Klabs0`P9(zmfk0&x`is<1%*sIENDB`


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      45192.168.2.849808104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC681OUTGET /sites/all/themes/freshmade/img/header.gif HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978o
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC696INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:18 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Content-Length: 800
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:50:28 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 20 Oct 2024 08:46:47 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 1518871
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YtEY%2F9bbOPStmTbt9IAT9wpgtnNbPzzmhpkOp1FCY48Pb7cDaPhsAVftqpwisf%2BNHS7UNlN%2FOKZtJ5ubksDGErBtMQVygf%2B60x5jIhSlKrc1DTRmwgdmmEFvjy%2B4RQQxaDZf%2Bn8KKaSMoK3MQg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165dd9e7743d5-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC673INData Raw: 47 49 46 38 39 61 96 00 82 00 b3 00 00 27 27 27 29 29 29 2a 2a 2a 2e 2e 2e 2b 2b 2b 28 28 28 2c 2c 2c 2d 2d 2d 30 30 30 2f 2f 2f 31 31 31 32 32 32 33 33 33 00 00 00 00 00 00 00 00 00 21 f9 04 00 00 00 00 00 2c 00 00 00 00 96 00 82 00 00 04 ff 10 c8 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 a1 ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 e8 33 40 ad 5a af d8 ac 76 cb ed 7a bf e0 b0 78 4c 2e 9b cf e8 b4 7a cd 6e bb df f0 b8 7c 4e bf 0a ee f8 bc 7e cf ef fb ff 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9c 04 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c6 06 cb cc cd ce cf d0 d1 d2 d3
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a''')))***...+++(((,,,---000///111222333!,I8`(dihlp,tmx|pH,rl:3@ZvzxL.zn|N~
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC127INData Raw: 90 44 16 69 e4 91 48 26 a9 e4 92 4c 36 e9 e4 93 50 46 29 e5 94 54 56 69 e5 95 58 66 a9 e5 96 5c 76 e9 e5 97 60 86 29 e6 98 64 96 69 e6 99 68 a6 a9 e6 9a 6c b6 e9 e6 9b 70 c6 29 e7 9c 74 d6 69 e7 9d 78 e6 a9 e7 9e 7c f6 e9 e7 9f 80 06 2a e8 a0 84 16 6a e8 a1 88 26 aa e8 a2 8c 36 ea e8 a3 90 46 2a e9 a4 94 56 6a e9 a5 98 66 aa e9 a6 9c 76 ea e9 a7 a0 86 2a ea a8 a4 5e 19 01 00 3b
                                                                                                                                                                                                                                                                                      Data Ascii: DiH&L6PF)TViXf\v`)dihlp)tix|*j&6F*Vjfv*^;


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      46192.168.2.849810104.193.111.1174435820C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC346OUTPOST /bc/put.php?v=1&pid=110&w=cd&cid={DC960FFD-14A7-48B7-83D1-6FA0A6445A05}&h=1a5f27020f5d05939025c0cc7616f480 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.bolidesoft.com:443
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=--------100724184117203
                                                                                                                                                                                                                                                                                      Content-Length: 4272
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Cookie: PHPSESSID=5af2178aef7e776b5dd854a267c1cd0f
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:18 UTC4272OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 30 30 37 32 34 31 38 34 31 31 37 32 30 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 74 6d 70 2e 74 6d 70 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a 06 67 70 38 71 44 66 47 2d 67 0e 45 15 4a 4b 2d 18 33 2f 5e 12 6b 27 67 2f 38 5f 44 47 47 02 67 2f 45 02 4a 4b 2d 2f 33 33 5e 08 6b 35 67 16 38 03 44 08 47 66 67 5a 45 5e 4a 0a 2d 7f 33 77 5e 52 6b 6a 67 7b 38 1d 44 1c 47 6c 67 5b 45 55 4a 0b 2d 64 33 77 5e
                                                                                                                                                                                                                                                                                      Data Ascii: ----------100724184117203Content-Disposition: form-data; name="file"; filename="tmp.tmp"Content-Type: application/octet-streamContent-Transfer-Encoding: binarygp8qDfG-gEJK-3/^k'g/8_DGGg/EJK-/33^k5g8DGfgZE^J-3w^Rkjg{8DGlg[EUJ-d3w^
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC307INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Server: Apache
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      Upgrade: h2,h2c
                                                                                                                                                                                                                                                                                      Connection: keep-alive, close
                                                                                                                                                                                                                                                                                      Vary: User-Agent
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      47192.168.2.849812104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC417OUTGET /sites/all/libraries/superfish/jquery.hoverIntent.minified.js?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC706INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 1464
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:45:50 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:42 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183137
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wksiDAu5Oqjn4bhYXxNBJ0r4sai%2BrmnYw3Phw34sOy61oXyu3qPIj4KG%2B9Ce6CClXKzd3l%2FYcgD2MTAqJoaHSoQMx2vzgRl8hYbKu0fxW1ObXmnqnMxOmDakdo%2BdMVttqb1ClzqZ9UKLQ1J3iw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165de584ac409-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC663INData Raw: 2f 2a 2a 0a 2a 20 68 6f 76 65 72 49 6e 74 65 6e 74 20 72 36 20 2f 2f 20 32 30 31 31 2e 30 32 2e 32 36 20 2f 2f 20 6a 51 75 65 72 79 20 31 2e 35 2e 31 2b 0a 2a 20 3c 68 74 74 70 3a 2f 2f 63 68 65 72 6e 65 2e 6e 65 74 2f 62 72 69 61 6e 2f 72 65 73 6f 75 72 63 65 73 2f 6a 71 75 65 72 79 2e 68 6f 76 65 72 49 6e 74 65 6e 74 2e 68 74 6d 6c 3e 0a 2a 20 0a 2a 20 40 70 61 72 61 6d 20 20 66 20 20 6f 6e 4d 6f 75 73 65 4f 76 65 72 20 66 75 6e 63 74 69 6f 6e 20 7c 7c 20 41 6e 20 6f 62 6a 65 63 74 20 77 69 74 68 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 73 0a 2a 20 40 70 61 72 61 6d 20 20 67 20 20 6f 6e 4d 6f 75 73 65 4f 75 74 20 66 75 6e 63 74 69 6f 6e 20 20 7c 7c 20 4e 6f 74 68 69 6e 67 20 28 75 73 65 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20
                                                                                                                                                                                                                                                                                      Data Ascii: /*** hoverIntent r6 // 2011.02.26 // jQuery 1.5.1+* <http://cherne.net/brian/resources/jquery.hoverIntent.html>* * @param f onMouseOver function || An object with configuration options* @param g onMouseOut function || Nothing (use configuration
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC801INData Raw: 73 65 6d 6f 76 65 22 2c 74 72 61 63 6b 29 3b 6f 62 2e 68 6f 76 65 72 49 6e 74 65 6e 74 5f 73 3d 31 3b 72 65 74 75 72 6e 20 63 66 67 2e 6f 76 65 72 2e 61 70 70 6c 79 28 6f 62 2c 5b 65 76 5d 29 7d 65 6c 73 65 7b 70 58 3d 63 58 3b 70 59 3d 63 59 3b 6f 62 2e 68 6f 76 65 72 49 6e 74 65 6e 74 5f 74 3d 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 63 6f 6d 70 61 72 65 28 65 76 2c 6f 62 29 7d 2c 63 66 67 2e 69 6e 74 65 72 76 61 6c 29 7d 7d 3b 76 61 72 20 64 65 6c 61 79 3d 66 75 6e 63 74 69 6f 6e 28 65 76 2c 6f 62 29 7b 6f 62 2e 68 6f 76 65 72 49 6e 74 65 6e 74 5f 74 3d 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 6f 62 2e 68 6f 76 65 72 49 6e 74 65 6e 74 5f 74 29 3b 6f 62 2e 68 6f 76 65 72 49 6e 74 65 6e 74 5f 73 3d 30 3b 72 65 74 75 72 6e 20 63 66
                                                                                                                                                                                                                                                                                      Data Ascii: semove",track);ob.hoverIntent_s=1;return cfg.over.apply(ob,[ev])}else{pX=cX;pY=cY;ob.hoverIntent_t=setTimeout(function(){compare(ev,ob)},cfg.interval)}};var delay=function(ev,ob){ob.hoverIntent_t=clearTimeout(ob.hoverIntent_t);ob.hoverIntent_s=0;return cf


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      48192.168.2.849814104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC371OUTGET /misc/drupal.js?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC707INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 20611
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 06 Dec 2023 14:25:06 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:42 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183137
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dK6W%2Fv4RkEOYKmVZFVXeNYfKSI%2F%2F5MQHo2LXUuKDnedAiP8HvoaZS8jNgk6UamidaWb1ylSKUuLpT0XjuobC9OUxb32qDyDHACSxj34iw%2Bqmr3BZweDwWLTdphEFHez4vXdUbbXJiGBzxHGZyw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165de5d0272a7-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC662INData Raw: 0a 76 61 72 20 44 72 75 70 61 6c 20 3d 20 44 72 75 70 61 6c 20 7c 7c 20 7b 20 27 73 65 74 74 69 6e 67 73 27 3a 20 7b 7d 2c 20 27 62 65 68 61 76 69 6f 72 73 27 3a 20 7b 7d 2c 20 27 6c 6f 63 61 6c 65 27 3a 20 7b 7d 20 7d 3b 0a 0a 2f 2f 20 41 6c 6c 6f 77 20 6f 74 68 65 72 20 4a 61 76 61 53 63 72 69 70 74 20 6c 69 62 72 61 72 69 65 73 20 74 6f 20 75 73 65 20 24 2e 0a 6a 51 75 65 72 79 2e 6e 6f 43 6f 6e 66 6c 69 63 74 28 29 3b 0a 0a 28 66 75 6e 63 74 69 6f 6e 20 28 24 29 20 7b 0a 0a 2f 2a 2a 0a 20 2a 20 4f 76 65 72 72 69 64 65 20 6a 51 75 65 72 79 2e 66 6e 2e 69 6e 69 74 20 74 6f 20 67 75 61 72 64 20 61 67 61 69 6e 73 74 20 58 53 53 20 61 74 74 61 63 6b 73 2e 0a 20 2a 0a 20 2a 20 53 65 65 20 68 74 74 70 3a 2f 2f 62 75 67 73 2e 6a 71 75 65 72 79 2e 63 6f 6d 2f
                                                                                                                                                                                                                                                                                      Data Ascii: var Drupal = Drupal || { 'settings': {}, 'behaviors': {}, 'locale': {} };// Allow other JavaScript libraries to use $.jQuery.noConflict();(function ($) {/** * Override jQuery.fn.init to guard against XSS attacks. * * See http://bugs.jquery.com/
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 74 68 72 6f 77 20 27 53 79 6e 74 61 78 20 65 72 72 6f 72 2c 20 75 6e 72 65 63 6f 67 6e 69 7a 65 64 20 65 78 70 72 65 73 73 69 6f 6e 3a 20 27 20 2b 20 73 65 6c 65 63 74 6f 72 3b 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 20 20 7d 0a 20 20 72 65 74 75 72 6e 20 6a 71 75 65 72 79 5f 69 6e 69 74 2e 63 61 6c 6c 28 74 68 69 73 2c 20 73 65 6c 65 63 74 6f 72 2c 20 63 6f 6e 74 65 78 74 2c 20 72 6f 6f 74 6a 51 75 65 72 79 29 3b 0a 7d 3b 0a 24 2e 66 6e 2e 69 6e 69 74 2e 70 72 6f 74 6f 74 79 70 65 20 3d 20 6a 71 75 65 72 79 5f 69 6e 69 74 2e 70 72 6f 74 6f 74 79 70 65 3b 0a 0a 2f 2a 2a 0a 20 2a 20 50 72 65 2d 66 69 6c 74 65 72 20 41 6a 61 78 20 72 65 71 75 65 73 74 73 20 74 6f 20 67 75 61 72 64 20 61 67 61 69 6e 73 74 20 58 53 53 20 61 74 74 61 63 6b 73 2e 0a 20 2a
                                                                                                                                                                                                                                                                                      Data Ascii: throw 'Syntax error, unrecognized expression: ' + selector; } } } return jquery_init.call(this, selector, context, rootjQuery);};$.fn.init.prototype = jquery_init.prototype;/** * Pre-filter Ajax requests to guard against XSS attacks. *
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 0a 20 20 20 20 7d 0a 20 20 20 20 72 65 74 75 72 6e 20 6a 71 75 65 72 79 5f 68 74 74 70 44 61 74 61 2e 63 61 6c 6c 28 74 68 69 73 2c 20 78 68 72 2c 20 74 79 70 65 2c 20 73 29 3b 0a 20 20 7d 3b 0a 20 20 24 2e 68 74 74 70 44 61 74 61 2e 70 72 6f 74 6f 74 79 70 65 20 3d 20 6a 71 75 65 72 79 5f 68 74 74 70 44 61 74 61 2e 70 72 6f 74 6f 74 79 70 65 3b 0a 7d 0a 0a 2f 2a 2a 0a 20 2a 20 41 74 74 61 63 68 20 61 6c 6c 20 72 65 67 69 73 74 65 72 65 64 20 62 65 68 61 76 69 6f 72 73 20 74 6f 20 61 20 70 61 67 65 20 65 6c 65 6d 65 6e 74 2e 0a 20 2a 0a 20 2a 20 42 65 68 61 76 69 6f 72 73 20 61 72 65 20 65 76 65 6e 74 2d 74 72 69 67 67 65 72 65 64 20 61 63 74 69 6f 6e 73 20 74 68 61 74 20 61 74 74 61 63 68 20 74 6f 20 70 61 67 65 20 65 6c 65 6d 65 6e 74 73 2c 20 65 6e 68
                                                                                                                                                                                                                                                                                      Data Ascii: } return jquery_httpData.call(this, xhr, type, s); }; $.httpData.prototype = jquery_httpData.prototype;}/** * Attach all registered behaviors to a page element. * * Behaviors are event-triggered actions that attach to page elements, enh
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 61 74 74 61 63 68 20 62 65 68 61 76 69 6f 72 73 20 74 6f 2e 20 49 66 20 6e 6f 6e 65 20 69 73 20 67 69 76 65 6e 2c 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 65 6c 65 6d 65 6e 74 0a 20 2a 20 20 20 69 73 20 75 73 65 64 2e 0a 20 2a 20 40 70 61 72 61 6d 20 73 65 74 74 69 6e 67 73 0a 20 2a 20 20 20 41 6e 20 6f 62 6a 65 63 74 20 63 6f 6e 74 61 69 6e 69 6e 67 20 73 65 74 74 69 6e 67 73 20 66 6f 72 20 74 68 65 20 63 75 72 72 65 6e 74 20 63 6f 6e 74 65 78 74 2e 20 49 66 20 6e 6f 6e 65 20 67 69 76 65 6e 2c 20 74 68 65 0a 20 2a 20 20 20 67 6c 6f 62 61 6c 20 44 72 75 70 61 6c 2e 73 65 74 74 69 6e 67 73 20 6f 62 6a 65 63 74 20 69 73 20 75 73 65 64 2e 0a 20 2a 2f 0a 44 72 75 70 61 6c 2e 61 74 74 61 63 68 42 65 68 61 76 69 6f 72 73 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28
                                                                                                                                                                                                                                                                                      Data Ascii: attach behaviors to. If none is given, the document element * is used. * @param settings * An object containing settings for the current context. If none given, the * global Drupal.settings object is used. */Drupal.attachBehaviors = function (
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 20 77 68 61 74 27 73 20 63 61 75 73 69 6e 67 20 74 68 65 20 62 65 68 61 76 69 6f 72 73 20 74 6f 20 62 65 20 64 65 74 61 63 68 65 64 2e 20 54 68 65 0a 20 2a 20 20 20 70 6f 73 73 69 62 6c 65 20 74 72 69 67 67 65 72 73 20 61 72 65 3a 0a 20 2a 20 20 20 2d 20 75 6e 6c 6f 61 64 3a 20 28 64 65 66 61 75 6c 74 29 20 54 68 65 20 63 6f 6e 74 65 78 74 20 65 6c 65 6d 65 6e 74 20 69 73 20 62 65 69 6e 67 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 74 68 65 20 44 4f 4d 2e 0a 20 2a 20 20 20 2d 20 6d 6f 76 65 3a 20 54 68 65 20 65 6c 65 6d 65 6e 74 20 69 73 20 61 62 6f 75 74 20 74 6f 20 62 65 20 6d 6f 76 65 64 20 77 69 74 68 69 6e 20 74 68 65 20 44 4f 4d 20 28 66 6f 72 20 65 78 61 6d 70 6c 65 2c 0a 20 2a 20 20 20 20 20 64 75 72 69 6e 67 20 61 20 74 61 62 6c 65 64 72 61 67 20
                                                                                                                                                                                                                                                                                      Data Ascii: what's causing the behaviors to be detached. The * possible triggers are: * - unload: (default) The context element is being removed from the DOM. * - move: The element is about to be moved within the DOM (for example, * during a tabledrag
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 20 20 20 69 66 20 28 24 2e 69 73 46 75 6e 63 74 69 6f 6e 28 74 68 69 73 2e 64 65 74 61 63 68 29 29 20 7b 0a 20 20 20 20 20 20 74 68 69 73 2e 64 65 74 61 63 68 28 63 6f 6e 74 65 78 74 2c 20 73 65 74 74 69 6e 67 73 2c 20 74 72 69 67 67 65 72 29 3b 0a 20 20 20 20 7d 0a 20 20 7d 29 3b 0a 7d 3b 0a 0a 2f 2a 2a 0a 20 2a 20 45 6e 63 6f 64 65 20 73 70 65 63 69 61 6c 20 63 68 61 72 61 63 74 65 72 73 20 69 6e 20 61 20 70 6c 61 69 6e 2d 74 65 78 74 20 73 74 72 69 6e 67 20 66 6f 72 20 64 69 73 70 6c 61 79 20 61 73 20 48 54 4d 4c 2e 0a 20 2a 0a 20 2a 20 40 69 6e 67 72 6f 75 70 20 73 61 6e 69 74 69 7a 61 74 69 6f 6e 0a 20 2a 2f 0a 44 72 75 70 61 6c 2e 63 68 65 63 6b 50 6c 61 69 6e 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 73 74 72 29 20 7b 0a 20 20 76 61 72 20 63 68 61 72
                                                                                                                                                                                                                                                                                      Data Ascii: if ($.isFunction(this.detach)) { this.detach(context, settings, trigger); } });};/** * Encode special characters in a plain-text string for display as HTML. * * @ingroup sanitization */Drupal.checkPlain = function (str) { var char
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 20 28 6b 65 79 2e 63 68 61 72 41 74 28 30 29 29 20 7b 0a 20 20 20 20 20 20 20 20 2f 2f 20 45 73 63 61 70 65 64 20 6f 6e 6c 79 2e 0a 20 20 20 20 20 20 20 20 63 61 73 65 20 27 40 27 3a 0a 20 20 20 20 20 20 20 20 20 20 61 72 67 73 5b 6b 65 79 5d 20 3d 20 44 72 75 70 61 6c 2e 63 68 65 63 6b 50 6c 61 69 6e 28 61 72 67 73 5b 6b 65 79 5d 29 3b 0a 20 20 20 20 20 20 20 20 20 20 62 72 65 61 6b 3b 0a 20 20 20 20 20 20 20 20 2f 2f 20 50 61 73 73 2d 74 68 72 6f 75 67 68 2e 0a 20 20 20 20 20 20 20 20 63 61 73 65 20 27 21 27 3a 0a 20 20 20 20 20 20 20 20 20 20 62 72 65 61 6b 3b 0a 20 20 20 20 20 20 20 20 2f 2f 20 45 73 63 61 70 65 64 20 61 6e 64 20 70 6c 61 63 65 68 6f 6c 64 65 72 2e 0a 20 20 20 20 20 20 20 20 64 65 66 61 75 6c 74 3a 0a 20 20 20 20 20 20 20 20 20 20 61
                                                                                                                                                                                                                                                                                      Data Ascii: (key.charAt(0)) { // Escaped only. case '@': args[key] = Drupal.checkPlain(args[key]); break; // Pass-through. case '!': break; // Escaped and placeholder. default: a
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 3b 0a 20 20 76 61 72 20 66 72 61 67 6d 65 6e 74 73 20 3d 20 73 74 72 2e 73 70 6c 69 74 28 6b 65 79 29 3b 0a 0a 20 20 69 66 20 28 6b 65 79 73 2e 6c 65 6e 67 74 68 29 20 7b 0a 20 20 20 20 66 6f 72 20 28 76 61 72 20 69 20 3d 20 30 3b 20 69 20 3c 20 66 72 61 67 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 20 69 2b 2b 29 20 7b 0a 20 20 20 20 20 20 2f 2f 20 50 72 6f 63 65 73 73 20 65 61 63 68 20 66 72 61 67 6d 65 6e 74 20 77 69 74 68 20 61 20 63 6f 70 79 20 6f 66 20 72 65 6d 61 69 6e 69 6e 67 20 6b 65 79 73 2e 0a 20 20 20 20 20 20 66 72 61 67 6d 65 6e 74 73 5b 69 5d 20 3d 20 44 72 75 70 61 6c 2e 73 74 72 69 6e 67 52 65 70 6c 61 63 65 28 66 72 61 67 6d 65 6e 74 73 5b 69 5d 2c 20 61 72 67 73 2c 20 6b 65 79 73 2e 73 6c 69 63 65 28 30 29 29 3b 0a 20 20 20 20 7d 0a 20 20
                                                                                                                                                                                                                                                                                      Data Ascii: ; var fragments = str.split(key); if (keys.length) { for (var i = 0; i < fragments.length; i++) { // Process each fragment with a copy of remaining keys. fragments[i] = Drupal.stringReplace(fragments[i], args, keys.slice(0)); }
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 74 69 6f 6e 20 65 6e 73 75 72 65 73 20 74 68 61 74 20 74 68 65 20 73 74 72 69 6e 67 20 69 73 20 70 6c 75 72 61 6c 69 7a 65 64 20 63 6f 72 72 65 63 74 6c 79 2e 20 53 69 6e 63 65 20 44 72 75 70 61 6c 2e 74 28 29 20 69 73 0a 20 2a 20 63 61 6c 6c 65 64 20 62 79 20 74 68 69 73 20 66 75 6e 63 74 69 6f 6e 2c 20 6d 61 6b 65 20 73 75 72 65 20 6e 6f 74 20 74 6f 20 70 61 73 73 20 61 6c 72 65 61 64 79 2d 6c 6f 63 61 6c 69 7a 65 64 20 73 74 72 69 6e 67 73 20 74 6f 20 69 74 2e 0a 20 2a 0a 20 2a 20 53 65 65 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 73 65 72 76 65 72 2d 73 69 64 65 20 66 6f 72 6d 61 74 5f 70 6c 75 72 61 6c 28 29 20 66 75 6e 63 74 69 6f 6e 20 66 6f 72 20 66 75 72 74 68 65 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 0a 20 2a
                                                                                                                                                                                                                                                                                      Data Ascii: tion ensures that the string is pluralized correctly. Since Drupal.t() is * called by this function, make sure not to pass already-localized strings to it. * * See the documentation of the server-side format_plural() function for further details. * *
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 44 72 75 70 61 6c 2e 6c 6f 63 61 6c 65 2e 70 6c 75 72 61 6c 46 6f 72 6d 75 6c 61 28 61 72 67 73 5b 27 40 63 6f 75 6e 74 27 5d 29 20 3a 20 28 28 61 72 67 73 5b 27 40 63 6f 75 6e 74 27 5d 20 3d 3d 20 31 29 20 3f 20 30 20 3a 20 31 29 3b 0a 0a 20 20 69 66 20 28 69 6e 64 65 78 20 3d 3d 20 30 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 44 72 75 70 61 6c 2e 74 28 73 69 6e 67 75 6c 61 72 2c 20 61 72 67 73 2c 20 6f 70 74 69 6f 6e 73 29 3b 0a 20 20 7d 0a 20 20 65 6c 73 65 20 69 66 20 28 69 6e 64 65 78 20 3d 3d 20 31 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 44 72 75 70 61 6c 2e 74 28 70 6c 75 72 61 6c 2c 20 61 72 67 73 2c 20 6f 70 74 69 6f 6e 73 29 3b 0a 20 20 7d 0a 20 20 65 6c 73 65 20 7b 0a 20 20 20 20 61 72 67 73 5b 27 40 63 6f 75 6e 74 5b 27 20 2b 20 69 6e
                                                                                                                                                                                                                                                                                      Data Ascii: Drupal.locale.pluralFormula(args['@count']) : ((args['@count'] == 1) ? 0 : 1); if (index == 0) { return Drupal.t(singular, args, options); } else if (index == 1) { return Drupal.t(plural, args, options); } else { args['@count[' + in


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      49192.168.2.849813104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC399OUTGET /sites/all/libraries/superfish/superfish.js?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC706INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 3945
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Thu, 05 Nov 2015 08:44:31 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 20 Oct 2024 08:46:47 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 1518872
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ipgd3lDensg7Zt97EiRjpsMdctJevqrhrpzEMy7c5QMv%2B%2Fs1p2Y0r4nKdoTX9X2IJudYdua6362JKBXEE%2BDB6DrS9bPx8LI1SIZoZaQtNhfBJ9K6P8oQCbR7rFnHmdSb%2B4tZamLxtlGbNf0CA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165de7dd80f39-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC663INData Raw: 2f 2a 0a 20 2a 20 53 75 70 65 72 66 69 73 68 20 76 31 2e 34 2e 38 20 2d 20 6a 51 75 65 72 79 20 6d 65 6e 75 20 77 69 64 67 65 74 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 30 38 20 4a 6f 65 6c 20 42 69 72 63 68 0a 20 2a 0a 20 2a 20 44 75 61 6c 20 6c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 61 6e 64 20 47 50 4c 20 6c 69 63 65 6e 73 65 73 3a 0a 20 2a 20 20 20 68 74 74 70 3a 2f 2f 77 77 77 2e 6f 70 65 6e 73 6f 75 72 63 65 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 6d 69 74 2d 6c 69 63 65 6e 73 65 2e 70 68 70 0a 20 2a 20 20 20 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6e 75 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 67 70 6c 2e 68 74 6d 6c 0a 20 2a 0a 20 2a 20 43 48 41 4e 47 45 4c 4f 47 3a 20 68 74 74 70 3a 2f 2f 75 73 65 72
                                                                                                                                                                                                                                                                                      Data Ascii: /* * Superfish v1.4.8 - jQuery menu widget * Copyright (c) 2008 Joel Birch * * Dual licensed under the MIT and GPL licenses: * http://www.opensource.org/licenses/mit-license.php * http://www.gnu.org/licenses/gpl.html * * CHANGELOG: http://user
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 20 6f 75 74 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 24 24 20 3d 20 24 28 74 68 69 73 29 2c 20 6d 65 6e 75 20 3d 20 67 65 74 4d 65 6e 75 28 24 24 29 2c 20 6f 20 3d 20 73 66 2e 6f 70 3b 0a 20 20 20 20 20 20 20 20 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 6d 65 6e 75 2e 73 66 54 69 6d 65 72 29 3b 0a 20 20 20 20 20 20 20 20 6d 65 6e 75 2e 73 66 54 69 6d 65 72 3d 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 20 20 20 20 20 20 6f 2e 72 65 74 61 69 6e 50 61 74 68 3d 28 24 2e 69 6e 41 72 72 61 79 28 24 24 5b 30 5d 2c 6f 2e 24 70 61 74 68 29 3e 2d 31 29 3b 0a 20 20 20 20 20 20 20 20 20 20 24 24 2e 68 69 64 65 53 75 70 65 72 66 69 73 68 55 6c 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 69 66 20
                                                                                                                                                                                                                                                                                      Data Ascii: out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; clearTimeout(menu.sfTimer); menu.sfTimer=setTimeout(function(){ o.retainPath=($.inArray($$[0],o.$path)>-1); $$.hideSuperfishUl(); if
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 76 65 72 2e 63 61 6c 6c 28 24 6c 69 29 3b 7d 29 2e 62 6c 75 72 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6f 75 74 2e 63 61 6c 6c 28 24 6c 69 29 3b 7d 29 3b 0a 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 20 20 6f 2e 6f 6e 49 6e 69 74 2e 63 61 6c 6c 28 74 68 69 73 29 3b 0a 0a 20 20 20 20 7d 29 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 6d 65 6e 75 43 6c 61 73 73 65 73 20 3d 20 5b 63 2e 6d 65 6e 75 43 6c 61 73 73 5d 3b 0a 20 20 20 20 20 20 69 66 20 28 73 66 2e 6f 70 2e 64 72 6f 70 53 68 61 64 6f 77 73 20 20 26 26 20 21 28 24 2e 62 72 6f 77 73 65 72 2e 6d 73 69 65 20 26 26 20 24 2e 62 72 6f 77 73 65 72 2e 76 65 72 73 69 6f 6e 20 3c 20 37 29 29 20 6d 65 6e 75 43 6c 61 73 73 65 73 2e 70 75 73 68 28 63 2e 73 68 61 64 6f 77 43
                                                                                                                                                                                                                                                                                      Data Ascii: ver.call($li);}).blur(function(){out.call($li);}); }); o.onInit.call(this); }).each(function() { var menuClasses = [c.menuClass]; if (sf.op.dropShadows && !($.browser.msie && $.browser.version < 7)) menuClasses.push(c.shadowC
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC544INData Raw: 64 64 28 74 68 69 73 29 2e 6e 6f 74 28 6e 6f 74 29 2e 72 65 6d 6f 76 65 43 6c 61 73 73 28 6f 2e 68 6f 76 65 72 43 6c 61 73 73 29 0a 20 20 20 20 20 20 20 20 20 20 2e 66 69 6e 64 28 27 3e 75 6c 27 29 2e 68 69 64 65 28 29 2e 63 73 73 28 27 76 69 73 69 62 69 6c 69 74 79 27 2c 27 68 69 64 64 65 6e 27 29 3b 0a 20 20 20 20 20 20 6f 2e 6f 6e 48 69 64 65 2e 63 61 6c 6c 28 24 75 6c 29 3b 0a 20 20 20 20 20 20 72 65 74 75 72 6e 20 74 68 69 73 3b 0a 20 20 20 20 7d 2c 0a 20 20 20 20 73 68 6f 77 53 75 70 65 72 66 69 73 68 55 6c 20 3a 20 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 20 20 76 61 72 20 6f 20 3d 20 73 66 2e 6f 70 2c 0a 20 20 20 20 20 20 20 20 73 68 20 3d 20 73 66 2e 63 2e 73 68 61 64 6f 77 43 6c 61 73 73 2b 27 2d 6f 66 66 27 2c 0a 20 20 20 20 20 20 20 20
                                                                                                                                                                                                                                                                                      Data Ascii: dd(this).not(not).removeClass(o.hoverClass) .find('>ul').hide().css('visibility','hidden'); o.onHide.call($ul); return this; }, showSuperfishUl : function(){ var o = sf.op, sh = sf.c.shadowClass+'-off',


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      50192.168.2.849811104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC399OUTGET /sites/all/libraries/superfish/supersubs.js?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC701INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 3778
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:46:22 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:41:50 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338369
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZrDpH4n6QnDv09E3az3ZDLLtGN5oHDug7PcVRipbNHPBUJ5DKMp4WISHT4NOxIgSFI8XEGWAEMckZw28MrXL9u3B0%2FF973jWnvOluItRHNQgL%2BoudNtyMu7RRzCGdipG2b7vP7ctsTAehaC6JA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165de78894259-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC668INData Raw: 2f 2a 0a 20 2a 20 53 75 70 65 72 73 75 62 73 20 76 30 2e 32 62 20 2d 20 6a 51 75 65 72 79 20 70 6c 75 67 69 6e 20 2d 20 4c 41 53 54 20 55 50 44 41 54 45 3a 20 4d 41 52 43 48 20 32 33 72 64 2c 20 32 30 31 31 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 30 38 20 4a 6f 65 6c 20 42 69 72 63 68 0a 20 2a 0a 20 2a 20 4a 61 6e 20 31 36 74 68 2c 20 32 30 31 31 20 2d 20 4d 6f 64 69 66 69 65 64 20 61 20 6c 69 74 74 6c 65 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 77 6f 72 6b 20 77 69 74 68 20 4e 61 76 42 61 72 20 6d 65 6e 75 73 20 61 73 20 77 65 6c 6c 2e 0a 20 2a 0a 20 2a 20 44 75 61 6c 20 6c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 61 6e 64 20 47 50 4c 20 6c 69 63 65 6e 73 65 73 3a 0a 20 2a 20 20 20 68 74 74 70 3a 2f 2f 77 77 77
                                                                                                                                                                                                                                                                                      Data Ascii: /* * Supersubs v0.2b - jQuery plugin - LAST UPDATE: MARCH 23rd, 2011 * Copyright (c) 2008 Joel Birch * * Jan 16th, 2011 - Modified a little in order to work with NavBar menus as well. * * Dual licensed under the MIT and GPL licenses: * http://www
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 2e 66 6e 2e 73 75 70 65 72 73 75 62 73 20 3d 20 66 75 6e 63 74 69 6f 6e 28 6f 70 74 69 6f 6e 73 29 7b 0a 20 20 20 20 76 61 72 20 6f 70 74 73 20 3d 20 24 2e 65 78 74 65 6e 64 28 7b 7d 2c 20 24 2e 66 6e 2e 73 75 70 65 72 73 75 62 73 2e 64 65 66 61 75 6c 74 73 2c 20 6f 70 74 69 6f 6e 73 29 3b 0a 09 2f 2f 20 72 65 74 75 72 6e 20 6f 72 69 67 69 6e 61 6c 20 6f 62 6a 65 63 74 20 74 6f 20 73 75 70 70 6f 72 74 20 63 68 61 69 6e 69 6e 67 0a 20 20 20 20 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 2f 2f 20 63 61 63 68 65 20 73 65 6c 65 63 74 69 6f 6e 73 0a 20 20 20 20 20 20 76 61 72 20 24 24 20 3d 20 24 28 74 68 69 73 29 3b 0a 20 20 20 20 20 20 2f 2f 20 73 75 70 70 6f 72 74 20 6d 65 74 61 64 61 74 61 0a
                                                                                                                                                                                                                                                                                      Data Ascii: .fn.supersubs = function(options){ var opts = $.extend({}, $.fn.supersubs.defaults, options);// return original object to support chaining return this.each(function() { // cache selections var $$ = $(this); // support metadata
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 28 27 66 6c 6f 61 74 27 29 3b 0a 20 20 20 20 20 20 20 20 2f 2f 20 72 65 6d 6f 76 65 20 77 69 64 74 68 20 72 65 73 74 72 69 63 74 69 6f 6e 73 20 61 6e 64 20 66 6c 6f 61 74 73 20 73 6f 20 65 6c 65 6d 65 6e 74 73 20 72 65 6d 61 69 6e 20 76 65 72 74 69 63 61 6c 6c 79 20 73 74 61 63 6b 65 64 0a 20 20 20 20 20 20 20 20 76 61 72 20 65 6d 57 69 64 74 68 20 3d 20 24 75 6c 2e 61 64 64 28 24 4c 49 73 29 2e 61 64 64 28 24 41 73 29 2e 63 73 73 28 7b 0a 20 20 20 20 20 20 20 20 20 20 27 66 6c 6f 61 74 27 20 3a 20 27 6e 6f 6e 65 27 2c 0a 20 20 20 20 20 20 20 20 20 20 27 77 69 64 74 68 27 20 20 3a 20 27 61 75 74 6f 27 0a 20 20 20 20 20 20 20 20 7d 29 0a 20 20 20 20 20 20 20 20 2f 2f 20 74 68 69 73 20 75 6c 20 77 69 6c 6c 20 6e 6f 77 20 62 65 20 73 68 72 69 6e 6b 2d 77 72
                                                                                                                                                                                                                                                                                      Data Ascii: ('float'); // remove width restrictions and floats so elements remain vertically stacked var emWidth = $ul.add($LIs).add($As).css({ 'float' : 'none', 'width' : 'auto' }) // this ul will now be shrink-wr
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC372INData Raw: 6c 2e 63 73 73 28 6f 66 66 73 65 74 44 69 72 65 63 74 69 6f 6e 2c 65 6d 57 69 64 74 68 29 3b 0a 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 20 20 7d 29 3b 0a 0a 20 20 20 20 7d 29 3b 0a 20 20 7d 3b 0a 20 20 2f 2f 20 65 78 70 6f 73 65 20 64 65 66 61 75 6c 74 73 0a 20 20 24 2e 66 6e 2e 73 75 70 65 72 73 75 62 73 2e 64 65 66 61 75 6c 74 73 20 3d 20 7b 0a 20 20 20 20 6d 69 6e 57 69 64 74 68 3a 20 39 2c 20 2f 2f 20 72 65 71 75 69 72 65 73 20 65 6d 20 75 6e 69 74 2e 0a 20 20 20 20 6d 61 78 57 69 64 74 68 3a 20 32 35 2c 20 2f 2f 20 72 65 71 75 69 72 65 73 20 65 6d 20 75 6e 69 74 2e 0a 20 20 20 20 65 78 74 72 61 57 69 64 74 68 3a 20 30 20 2f 2f 20 65 78 74 72 61 20 77 69 64 74 68 20 63 61 6e 20 65 6e 73 75 72 65 20 6c 69 6e 65 73 20 64 6f 6e 27 74 20 73 6f 6d
                                                                                                                                                                                                                                                                                      Data Ascii: l.css(offsetDirection,emWidth); }); }); }); }; // expose defaults $.fn.supersubs.defaults = { minWidth: 9, // requires em unit. maxWidth: 25, // requires em unit. extraWidth: 0 // extra width can ensure lines don't som


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      51192.168.2.849815104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC397OUTGET /sites/all/modules/superfish/superfish.js?s7978o HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC703INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/javascript
                                                                                                                                                                                                                                                                                      Content-Length: 1445
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Mon, 08 Jul 2013 12:07:32 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:41:50 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338369
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7n5NbnHAJ5ztx81eRwybY30tIqrq4NMaREOxjDbIXwK2xMcOIQND1n2uHzo%2BMo24zyuep5BnpinxGuS9DUaRxpvQbTISEBKjyufZnya4168QAMTOh6ot%2BdJzCcES9qlCFiwBDIwoJAeDZlg%2FNA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165de9e9543cf-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC666INData Raw: 2f 2a 2a 0a 20 2a 20 40 66 69 6c 65 0a 20 2a 20 54 68 65 20 53 75 70 65 72 66 69 73 68 20 44 72 75 70 61 6c 20 42 65 68 61 76 69 6f 72 20 74 6f 20 61 70 70 6c 79 20 74 68 65 20 53 75 70 65 72 66 69 73 68 20 6a 51 75 65 72 79 20 70 6c 75 67 69 6e 20 74 6f 20 6c 69 73 74 73 2e 0a 20 2a 2f 0a 0a 28 66 75 6e 63 74 69 6f 6e 20 28 24 29 20 7b 0a 20 20 44 72 75 70 61 6c 2e 62 65 68 61 76 69 6f 72 73 2e 73 75 70 65 72 66 69 73 68 20 3d 20 7b 0a 20 20 20 20 61 74 74 61 63 68 3a 20 66 75 6e 63 74 69 6f 6e 20 28 63 6f 6e 74 65 78 74 2c 20 73 65 74 74 69 6e 67 73 29 20 7b 0a 20 20 20 20 20 20 2f 2f 20 54 61 6b 65 20 61 20 6c 6f 6f 6b 20 61 74 20 65 61 63 68 20 6c 69 73 74 20 74 6f 20 61 70 70 6c 79 20 53 75 70 65 72 66 69 73 68 20 74 6f 2e 0a 20 20 20 20 20 20 24 2e
                                                                                                                                                                                                                                                                                      Data Ascii: /** * @file * The Superfish Drupal Behavior to apply the Superfish jQuery plugin to lists. */(function ($) { Drupal.behaviors.superfish = { attach: function (context, settings) { // Take a look at each list to apply Superfish to. $.
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC779INData Raw: 69 6e 73 2e 73 75 70 65 72 73 75 62 73 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 41 70 70 6c 79 20 53 75 70 65 72 66 69 73 68 20 74 6f 20 74 68 65 20 6c 69 73 74 2e 0a 20 20 20 20 20 20 20 20 20 20 6c 69 73 74 2e 73 75 70 65 72 66 69 73 68 28 6f 70 74 69 6f 6e 73 2e 73 66 29 3b 0a 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 43 68 65 63 6b 20 69 66 20 77 65 20 61 72 65 20 74 6f 20 61 70 70 6c 79 20 61 6e 79 20 6f 74 68 65 72 20 70 6c 75 67 2d 69 6e 20 74 6f 20 69 74 2e 0a 20 20 20 20 20 20 20 20 20 20 69 66 20 28 6f 70 74 69 6f 6e 73 2e 70 6c 75 67 69 6e 73 20 7c 7c 20 66 61 6c 73 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 6f 70 74 69 6f 6e 73 2e 70 6c
                                                                                                                                                                                                                                                                                      Data Ascii: ins.supersubs); } } // Apply Superfish to the list. list.superfish(options.sf); // Check if we are to apply any other plug-in to it. if (options.plugins || false) { if (options.pl


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      52192.168.2.849817104.16.79.73443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC413OUTGET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.cloudflareinsights.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC373INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/javascript;charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 19948
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Cache-Control: public, max-age=86400
                                                                                                                                                                                                                                                                                      ETag: W/"2024.6.1"
                                                                                                                                                                                                                                                                                      Last-Modified: Thu, 06 Jun 2024 15:52:56 GMT
                                                                                                                                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165df3ad3435b-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC996INData Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 33 34 33 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 6e 3d 30 3b 6e 3c 32 35 36 3b 2b 2b 6e 29 74 5b 6e 5d 3d 28 6e 2b 32 35 36 29 2e 74 6f 53 74 72 69 6e 67 28 31 36 29 2e 73 75 62 73 74 72 28 31 29 3b 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 76 61 72 20 72 3d 6e 7c 7c 30 2c 69 3d 74 3b 72 65 74 75 72 6e 5b 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 22 2d 22 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 22 2d 22 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 69 5b 65 5b 72 2b 2b 5d 5d 2c 22 2d 22 2c 69 5b 65 5b 72 2b
                                                                                                                                                                                                                                                                                      Data Ascii: !function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n||0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r+
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 3b 69 66 28 61 5b 36 5d 3d 31 35 26 61 5b 36 5d 7c 36 34 2c 61 5b 38 5d 3d 36 33 26 61 5b 38 5d 7c 31 32 38 2c 74 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 31 36 3b 2b 2b 63 29 74 5b 6f 2b 63 5d 3d 61 5b 63 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 69 28 61 29 7d 7d 2c 31 36 38 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 74 68 69 73 26 26 74 68 69 73 2e 5f 5f 61 73 73 69 67 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 3d 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 3d 31 2c 72 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 6e 3c 72 3b 6e 2b 2b 29 66 6f 72 28 76 61 72 20 69 20 69 6e 20 74 3d 61 72 67
                                                                                                                                                                                                                                                                                      Data Ascii: ;if(a[6]=15&a[6]|64,a[8]=63&a[8]|128,t)for(var c=0;c<16;++c)t[o+c]=a[c];return t||i(a)}},168:function(e,t,n){"use strict";var r=this&&this.__assign||function(){return r=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var i in t=arg
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 72 63 68 50 61 72 61 6d 73 29 7b 76 61 72 20 79 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 67 2e 72 65 70 6c 61 63 65 28 2f 5e 5b 5e 5c 3f 5d 2b 5c 3f 3f 2f 2c 22 22 29 29 2c 68 3d 79 2e 67 65 74 28 22 74 6f 6b 65 6e 22 29 3b 68 26 26 28 70 2e 74 6f 6b 65 6e 3d 68 29 3b 76 61 72 20 54 3d 79 2e 67 65 74 28 22 73 70 61 22 29 3b 70 2e 73 70 61 3d 6e 75 6c 6c 3d 3d 3d 54 7c 7c 22 74 72 75 65 22 3d 3d 3d 54 7d 7d 70 26 26 22 6d 75 6c 74 69 22 21 3d 3d 70 2e 6c 6f 61 64 26 26 28 70 2e 6c 6f 61 64 3d 22 73 69 6e 67 6c 65 22 29 2c 77 69 6e 64 6f 77 2e 5f 5f 63 66 42 65 61 63 6f 6e 3d 70 7d 69 66 28 73 26 26 70 26 26 70 2e 74 6f 6b 65 6e 29 7b 76 61 72 20 77 2c 53 2c 62 3d 21 31 3b 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74
                                                                                                                                                                                                                                                                                      Data Ascii: rchParams){var y=new URLSearchParams(g.replace(/^[^\?]+\??/,"")),h=y.get("token");h&&(p.token=h);var T=y.get("spa");p.spa=null===T||"true"===T}}p&&"multi"!==p.load&&(p.load="single"),window.__cfBeacon=p}if(s&&p&&p.token){var w,S,b=!1;document.addEventList
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 2e 74 69 6d 69 6e 67 73 56 32 3d 7b 7d 2c 64 2e 76 65 72 73 69 6f 6e 73 2e 74 69 6d 69 6e 67 73 3d 32 2c 64 2e 64 74 3d 6d 5b 30 5d 2e 64 65 6c 69 76 65 72 79 54 79 70 65 2c 64 65 6c 65 74 65 20 64 2e 74 69 6d 69 6e 67 73 2c 74 28 6d 5b 30 5d 2c 64 2e 74 69 6d 69 6e 67 73 56 32 29 29 7d 31 3d 3d 3d 64 2e 76 65 72 73 69 6f 6e 73 2e 74 69 6d 69 6e 67 73 26 26 74 28 63 2c 64 2e 74 69 6d 69 6e 67 73 29 2c 74 28 75 2c 64 2e 6d 65 6d 6f 72 79 29 7d 65 6c 73 65 20 4f 28 64 29 3b 72 65 74 75 72 6e 20 64 2e 66 69 72 73 74 50 61 69 6e 74 3d 6b 28 22 66 69 72 73 74 2d 70 61 69 6e 74 22 29 2c 64 2e 66 69 72 73 74 43 6f 6e 74 65 6e 74 66 75 6c 50 61 69 6e 74 3d 6b 28 22 66 69 72 73 74 2d 63 6f 6e 74 65 6e 74 66 75 6c 2d 70 61 69 6e 74 22 29 2c 70 26 26 28 70 2e 69 63
                                                                                                                                                                                                                                                                                      Data Ascii: .timingsV2={},d.versions.timings=2,d.dt=m[0].deliveryType,delete d.timings,t(m[0],d.timingsV2))}1===d.versions.timings&&t(c,d.timings),t(u,d.memory)}else O(d);return d.firstPaint=k("first-paint"),d.firstContentfulPaint=k("first-contentful-paint"),p&&(p.ic
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 65 72 65 64 3a 21 30 7d 7d 3b 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 3d 77 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 3f 52 28 29 3a 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 73 65 74 54 69 6d 65 6f 75 74 28 52 29 7d 29 29 3b 76 61 72 20 41 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 4c 26 26 30 3d 3d 3d 76 2e 66 69 6c 74 65 72 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 69 64 3d 3d 3d 6c 7d 29 29 2e 6c 65 6e 67 74 68 7d 2c 5f 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 2e 70 75 73 68 28 7b 69 64 3a 6c 2c 75 72 6c 3a 65 2c 74 73 3a 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65
                                                                                                                                                                                                                                                                                      Data Ascii: ered:!0}};"complete"===window.document.readyState?R():window.addEventListener("load",(function(){window.setTimeout(R)}));var A=function(){return L&&0===v.filter((function(e){return e.id===l})).length},_=function(e){v.push({id:l,url:e,ts:(new Date).getTime
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 72 63 65 4c 6f 61 64 54 69 6d 65 2c 45 2e 6c 63 70 2e 65 72 64 3d 63 2e 65 6c 65 6d 65 6e 74 52 65 6e 64 65 72 44 65 6c 61 79 2c 45 2e 6c 63 70 2e 69 74 3d 6e 75 6c 6c 3d 3d 3d 28 69 3d 63 2e 6c 63 70 52 65 73 6f 75 72 63 65 45 6e 74 72 79 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 69 3f 76 6f 69 64 20 30 3a 69 2e 69 6e 69 74 69 61 74 6f 72 54 79 70 65 2c 45 2e 6c 63 70 2e 66 70 3d 6e 75 6c 6c 3d 3d 3d 28 61 3d 6e 75 6c 6c 3d 3d 3d 28 6f 3d 63 2e 6c 63 70 45 6e 74 72 79 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 6f 3f 76 6f 69 64 20 30 3a 6f 2e 65 6c 65 6d 65 6e 74 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 61 3f 76 6f 69 64 20 30 3a 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 66 65 74 63 68 70 72 69 6f 72 69 74 79 22 29 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 49 4e 50 22
                                                                                                                                                                                                                                                                                      Data Ascii: rceLoadTime,E.lcp.erd=c.elementRenderDelay,E.lcp.it=null===(i=c.lcpResourceEntry)||void 0===i?void 0:i.initiatorType,E.lcp.fp=null===(a=null===(o=c.lcpEntry)||void 0===o?void 0:o.element)||void 0===a?void 0:a.getAttribute("fetchpriority"));break;case"INP"
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 64 65 64 42 6f 64 79 53 69 7a 65 26 26 28 72 2e 64 65 63 6f 64 65 64 42 6f 64 79 53 69 7a 65 3d 6e 5b 30 5d 2e 64 65 63 6f 64 65 64 42 6f 64 79 53 69 7a 65 29 2c 65 2e 64 74 3d 6e 5b 30 5d 2e 64 65 6c 69 76 65 72 79 54 79 70 65 29 2c 74 28 72 2c 65 2e 74 69 6d 69 6e 67 73 56 32 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 6b 28 65 29 7b 76 61 72 20 74 3b 69 66 28 22 66 69 72 73 74 2d 63 6f 6e 74 65 6e 74 66 75 6c 2d 70 61 69 6e 74 22 3d 3d 3d 65 26 26 45 2e 66 63 70 26 26 45 2e 66 63 70 2e 76 61 6c 75 65 29 72 65 74 75 72 6e 20 45 2e 66 63 70 2e 76 61 6c 75 65 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 73 2e 67 65 74 45 6e 74 72 69 65 73 42 79 54 79 70 65 29 7b 76 61 72 20 6e 3d 6e 75 6c 6c 3d 3d 3d 28 74 3d 73 2e 67 65 74 45 6e 74 72 69
                                                                                                                                                                                                                                                                                      Data Ascii: dedBodySize&&(r.decodedBodySize=n[0].decodedBodySize),e.dt=n[0].deliveryType),t(r,e.timingsV2)}}function k(e){var t;if("first-contentful-paint"===e&&E.fcp&&E.fcp.value)return E.fcp.value;if("function"==typeof s.getEntriesByType){var n=null===(t=s.getEntri
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 76 65 6e 74 54 79 70 65 3d 7b 7d 29 29 5b 72 2e 4c 6f 61 64 3d 31 5d 3d 22 4c 6f 61 64 22 2c 72 5b 72 2e 41 64 64 69 74 69 6f 6e 61 6c 3d 32 5d 3d 22 41 64 64 69 74 69 6f 6e 61 6c 22 2c 72 5b 72 2e 57 65 62 56 69 74 61 6c 73 56 32 3d 33 5d 3d 22 57 65 62 56 69 74 61 6c 73 56 32 22 2c 28 6e 3d 74 2e 46 65 74 63 68 50 72 69 6f 72 69 74 79 7c 7c 28 74 2e 46 65 74 63 68 50 72 69 6f 72 69 74 79 3d 7b 7d 29 29 2e 48 69 67 68 3d 22 68 69 67 68 22 2c 6e 2e 4c 6f 77 3d 22 6c 6f 77 22 2c 6e 2e 41 75 74 6f 3d 22 61 75 74 6f 22 7d 2c 31 30 34 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 2c 6e 2c 72 2c 69 2c 6f 2c 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77
                                                                                                                                                                                                                                                                                      Data Ascii: ventType={}))[r.Load=1]="Load",r[r.Additional=2]="Additional",r[r.WebVitalsV2=3]="WebVitalsV2",(n=t.FetchPriority||(t.FetchPriority={})).High="high",n.Low="low",n.Auto="auto"},104:function(e,t){!function(e){"use strict";var t,n,r,i,o,a=function(){return w
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 30 3f 72 3d 22 70 72 65 72 65 6e 64 65 72 22 3a 64 6f 63 75 6d 65 6e 74 2e 77 61 73 44 69 73 63 61 72 64 65 64 3f 72 3d 22 72 65 73 74 6f 72 65 22 3a 6e 2e 74 79 70 65 26 26 28 72 3d 6e 2e 74 79 70 65 2e 72 65 70 6c 61 63 65 28 2f 5f 2f 67 2c 22 2d 22 29 29 29 2c 7b 6e 61 6d 65 3a 65 2c 76 61 6c 75 65 3a 76 6f 69 64 20 30 3d 3d 3d 74 3f 2d 31 3a 74 2c 72 61 74 69 6e 67 3a 22 67 6f 6f 64 22 2c 64 65 6c 74 61 3a 30 2c 65 6e 74 72 69 65 73 3a 5b 5d 2c 69 64 3a 22 76 33 2d 22 2e 63 6f 6e 63 61 74 28 44 61 74 65 2e 6e 6f 77 28 29 2c 22 2d 22 29 2e 63 6f 6e 63 61 74 28 4d 61 74 68 2e 66 6c 6f 6f 72 28 38 39 39 39 39 39 39 39 39 39 39 39 39 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2b 31 65 31 32 29 2c 6e 61 76 69 67 61 74 69 6f 6e 54 79 70 65 3a 72 7d 7d 2c
                                                                                                                                                                                                                                                                                      Data Ascii: 0?r="prerender":document.wasDiscarded?r="restore":n.type&&(r=n.type.replace(/_/g,"-"))),{name:e,value:void 0===t?-1:t,rating:"good",delta:0,entries:[],id:"v3-".concat(Date.now(),"-").concat(Math.floor(8999999999999*Math.random())+1e12),navigationType:r}},
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1369INData Raw: 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 76 69 73 69 62 69 6c 69 74 79 63 68 61 6e 67 65 22 2c 62 2c 21 30 29 2c 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 70 72 65 72 65 6e 64 65 72 69 6e 67 63 68 61 6e 67 65 22 2c 62 2c 21 30 29 7d 2c 43 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 3c 30 26 26 28 77 3d 53 28 29 2c 45 28 29 2c 6c 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 73 65 74 54 69 6d 65 6f 75 74 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 3d 53 28 29 2c 45 28 29 7d 29 2c 30 29 7d 29 29 29 2c 7b 67 65 74 20 66 69 72 73 74 48 69 64 64 65 6e 54 69 6d 65 28 29 7b 72 65 74 75 72 6e 20 77 7d 7d 7d 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 64 6f 63 75 6d 65 6e 74 2e 70
                                                                                                                                                                                                                                                                                      Data Ascii: function(){removeEventListener("visibilitychange",b,!0),removeEventListener("prerenderingchange",b,!0)},C=function(){return w<0&&(w=S(),E(),l((function(){setTimeout((function(){w=S(),E()}),0)}))),{get firstHiddenTime(){return w}}},P=function(e){document.p


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      53192.168.2.849822157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC604OUTGET /rsrc.php/v3/yK/l/0,cross/O0Uz2Q0jyKe.css HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                      Referer: https://www.facebook.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1928INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Content-Type: text/css; charset=utf-8
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: xp4sOqKmsvGetpqtcGENjw==
                                                                                                                                                                                                                                                                                      Expires: Thu, 02 Oct 2025 05:44:22 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: 5XDqrwPrBiIvU0PlUwlrAm/2Aycv4IUgxRftMtz+mJpktvxM+pMckCQOl3SHFIZ6UJ0qj0FCb4nbfo0+2ZfZ6Q==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=84, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 21291
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1INData Raw: 0a
                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC15879INData Raw: 0a 0a 2e 5f 34 32 66 74 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 5f 34 32 66 74 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 2e 5f 34 32 66 74 2b 2e 5f 34 32 66 74 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 34 70 78 7d 2e 5f 34 32 66 72 2c 2e 5f 34 32 66 73 7b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 7d 2e 5f 61 66 68 63 7b 63 6c 69 70 3a 72 65 63 74 28 31 70 78 2c 20 31 70 78 2c 20 31 70 78 2c 20 31 70 78 29 3b 68 65 69 67 68 74 3a 31 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f
                                                                                                                                                                                                                                                                                      Data Ascii: ._42ft{cursor:pointer;display:inline-block;text-decoration:none;white-space:nowrap}._42ft:hover{text-decoration:none}._42ft+._42ft{margin-left:4px}._42fr,._42fs{cursor:default}._afhc{clip:rect(1px, 1px, 1px, 1px);height:1px;overflow:hidden;position:abso
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC5411INData Raw: 65 6e 74 65 72 7d 0a 2e 5f 34 6d 72 39 7b 2d 77 65 62 6b 69 74 2d 74 6f 75 63 68 2d 63 61 6c 6c 6f 75 74 3a 6e 6f 6e 65 3b 2d 77 65 62 6b 69 74 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 7d 0a 2e 5f 34 6a 79 30 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 30 20 38 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74
                                                                                                                                                                                                                                                                                      Data Ascii: enter}._4mr9{-webkit-touch-callout:none;-webkit-user-select:none}._4jy0{border:1px solid;border-radius:2px;box-sizing:content-box;font-size:12px;-webkit-font-smoothing:antialiased;font-weight:bold;justify-content:center;padding:0 8px;position:relative;t


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      54192.168.2.849825157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC581OUTGET /rsrc.php/v3/yw/r/u5OMVLVnVwH.js HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.facebook.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1945INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: BcxVwUffHkyDMNPsEpuBDA==
                                                                                                                                                                                                                                                                                      Expires: Sun, 05 Oct 2025 02:02:19 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: y1lwgg7ymUmnNcQDN3Mt7Ibxb+uOI2+2EkUW3e/muDRnuFtAaS2bnV/HF4GhqfNDHT1ozGnMCkPGJIbgv3BEhw==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=84, rtx=0, c=14, mss=1392, tbw=3409, tp=-1, tpl=-1, uplat=2, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 356051
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1INData Raw: 3b
                                                                                                                                                                                                                                                                                      Data Ascii: ;
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC15870INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 67 6c 6f 62 61 6c 54 68 69 73 7c 7c 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 73 65 6c 66 7c 7c 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 67 6c 6f 62 61 6c 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 41 62 6f 72 74 43 6f 6e 74 72 6f 6c 6c 65 72 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 72 65 74 75 72 6e 3b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 74 68 69 73 2e 5f 5f 6c 69 73 74 65 6e
                                                                                                                                                                                                                                                                                      Data Ascii: /*FB_PKG_DELIM*/"use strict";(function(){var a=typeof globalThis!=="undefined"&&globalThis||typeof self!=="undefined"&&self||typeof global!=="undefined"&&global;if(typeof a.AbortController!=="undefined")return;var b=function(){function a(){this.__listen
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC16384INData Raw: 75 6d 65 72 61 62 6c 65 3d 64 2e 65 6e 75 6d 65 72 61 62 6c 65 7c 7c 21 31 3b 64 2e 63 6f 6e 66 69 67 75 72 61 62 6c 65 3d 21 30 3b 22 76 61 6c 75 65 22 69 6e 20 64 26 26 28 64 2e 77 72 69 74 61 62 6c 65 3d 21 30 29 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 64 2e 6b 65 79 2c 64 29 7d 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 2c 63 2c 64 29 7b 63 26 26 61 28 62 2e 70 72 6f 74 6f 74 79 70 65 2c 63 29 3b 64 26 26 61 28 62 2c 64 29 3b 72 65 74 75 72 6e 20 62 7d 7d 28 29 3b 62 2e 69 6e 68 65 72 69 74 73 4c 6f 6f 73 65 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 61 2c 62 29 3b 61 2e 70 72 6f 74 6f 74 79 70 65 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 62 26 26 62 2e 70 72
                                                                                                                                                                                                                                                                                      Data Ascii: umerable=d.enumerable||!1;d.configurable=!0;"value"in d&&(d.writable=!0);Object.defineProperty(a,d.key,d)}}return function(b,c,d){c&&a(b.prototype,c);d&&a(b,d);return b}}();b.inheritsLoose=function(a,b){Object.assign(a,b);a.prototype=Object.create(b&&b.pr
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC16384INData Raw: 74 68 3b 61 2b 2b 29 74 68 69 73 2e 24 32 5b 61 5d 2e 72 65 6d 6f 76 65 28 29 3b 74 68 69 73 2e 24 32 2e 6c 65 6e 67 74 68 3d 30 7d 2c 74 68 69 73 2e 24 31 3d 61 2c 74 68 69 73 2e 24 32 3d 62 7d 76 61 72 20 62 3d 61 2e 70 72 6f 74 6f 74 79 70 65 3b 62 2e 69 73 46 6f 72 41 72 62 69 74 65 72 49 6e 73 74 61 6e 63 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 24 31 7c 7c 68 28 30 2c 32 35 30 36 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 24 31 3d 3d 3d 61 7d 3b 72 65 74 75 72 6e 20 61 7d 28 29 3b 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 70 65 72 66 6f 72 6d 61 6e 63 65 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 62 3d 61 2e 70 65 72
                                                                                                                                                                                                                                                                                      Data Ascii: th;a++)this.$2[a].remove();this.$2.length=0},this.$1=a,this.$2=b}var b=a.prototype;b.isForArbiterInstance=function(a){this.$1||h(0,2506);return this.$1===a};return a}();g["default"]=a}),98);__d("performance",[],(function(a,b,c,d,e,f){"use strict";b=a.per
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC16384INData Raw: 6e 20 20 20 20 61 74 20 3c 70 72 6f 6d 69 73 65 5f 73 65 74 74 6c 65 64 5f 73 74 61 63 6b 5f 62 65 6c 6f 77 3e 5c 6e 22 2b 69 2e 73 65 74 74 6c 65 64 53 74 61 63 6b 3a 22 22 29 2b 28 69 21 3d 6e 75 6c 6c 26 26 74 79 70 65 6f 66 20 69 2e 63 72 65 61 74 65 64 53 74 61 63 6b 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 22 5c 6e 20 20 20 20 61 74 20 3c 70 72 6f 6d 69 73 65 5f 63 72 65 61 74 65 64 5f 73 74 61 63 6b 5f 62 65 6c 6f 77 3e 5c 6e 22 2b 69 2e 63 72 65 61 74 65 64 53 74 61 63 6b 3a 22 22 29 7d 63 61 74 63 68 28 61 29 7b 7d 62 2e 72 65 70 6f 72 74 45 72 72 6f 72 28 65 29 3b 61 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 41 61 28 62 29 7b 24 3d 62 2c 74 79 70 65 6f 66 20 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72
                                                                                                                                                                                                                                                                                      Data Ascii: n at <promise_settled_stack_below>\n"+i.settledStack:"")+(i!=null&&typeof i.createdStack==="string"?"\n at <promise_created_stack_below>\n"+i.createdStack:"")}catch(a){}b.reportError(e);a.preventDefault()}function Aa(b){$=b,typeof a.addEventListener
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1500INData Raw: 2c 74 68 69 73 29 7d 3b 63 2e 72 65 6c 65 61 73 65 45 76 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 26 26 62 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 6c 65 61 73 65 45 76 65 6e 74 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 7d 3b 72 65 74 75 72 6e 20 61 7d 28 63 28 22 45 76 65 6e 74 48 6f 6c 64 65 72 22 29 29 3b 6c 2e 63 61 6c 6c 28 6c 29 3b 61 3d 6c 3b 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 42 69 67 50 69 70 65 49 6e 73 74 61 6e 63 65 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 67 3d 6e 75 6c 6c 3b 61 3d 7b 45 76 65 6e 74 73 3a 7b 69 6e 69 74 3a 22 42 69 67 50 69 70 65 2f 69 6e 69 74 22 2c 74 74 69 3a 22 74 74 69 5f 62 69
                                                                                                                                                                                                                                                                                      Data Ascii: ,this)};c.releaseEvent=function(a){a&&b.prototype.releaseEvent.call(this,a)};return a}(c("EventHolder"));l.call(l);a=l;g["default"]=a}),98);__d("BigPipeInstance",[],(function(a,b,c,d,e,f){"use strict";var g=null;a={Events:{init:"BigPipe/init",tti:"tti_bi
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC14884INData Raw: 61 72 65 64 57 6f 72 6b 65 72 3a 64 2c 69 73 49 6e 57 6f 72 6b 65 72 3a 63 7d 3b 62 3d 61 3b 66 5b 22 64 65 66 61 75 6c 74 22 5d 3d 62 7d 29 2c 36 36 29 3b 0a 5f 5f 64 28 22 42 6f 6f 74 6c 6f 61 64 65 72 44 6f 63 75 6d 65 6e 74 49 6e 73 65 72 74 65 72 22 2c 5b 22 45 78 65 63 75 74 69 6f 6e 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 2c 69 3d 6e 75 6c 6c 3b 66 75 6e 63 74 69 6f 6e 20 6a 28 29 7b 69 7c 7c 28 69 3d 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 7c 7c 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 68 65 61 64 22 29 5b 30 5d 7c 7c 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 29 3b 72 65
                                                                                                                                                                                                                                                                                      Data Ascii: aredWorker:d,isInWorker:c};b=a;f["default"]=b}),66);__d("BootloaderDocumentInserter",["ExecutionEnvironment"],(function(a,b,c,d,e,f,g){"use strict";var h,i=null;function j(){i||(i=document.head||document.getElementsByTagName("head")[0]||document.body);re
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC16384INData Raw: 28 29 3b 62 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 64 2e 61 64 64 28 61 29 7d 29 3b 63 2e 73 65 74 28 61 2c 64 29 3b 74 68 69 73 2e 24 31 3d 63 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 62 2e 61 64 64 53 65 74 45 6c 65 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 74 68 69 73 2e 24 31 7c 7c 6e 65 77 20 4d 61 70 28 29 2c 64 3d 63 2e 67 65 74 28 61 29 7c 7c 6e 65 77 20 53 65 74 28 29 3b 64 2e 61 64 64 28 62 29 3b 63 2e 73 65 74 28 61 2c 64 29 3b 74 68 69 73 2e 24 31 3d 63 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 62 2e 61 64 64 56 65 63 74 6f 72 41 6e 6e 6f 74 61 74 69 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 24 33 3d 74 68 69 73 2e 24 33 7c 7c 6e 65 77 20 4d
                                                                                                                                                                                                                                                                                      Data Ascii: ();b.forEach(function(a){return d.add(a)});c.set(a,d);this.$1=c;return this};b.addSetElement=function(a,b){var c=this.$1||new Map(),d=c.get(a)||new Set();d.add(b);c.set(a,d);this.$1=c;return this};b.addVectorAnnotation=function(a,b){this.$3=this.$3||new M
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC16384INData Raw: 22 2c 5b 22 45 78 65 63 75 74 69 6f 6e 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 2c 22 50 48 50 51 75 65 72 79 53 65 72 69 61 6c 69 7a 65 72 4e 6f 45 6e 63 6f 64 69 6e 67 22 2c 22 55 52 49 41 62 73 74 72 61 63 74 42 61 73 65 22 2c 22 55 52 49 53 63 68 65 6d 65 73 22 2c 22 55 72 69 4e 65 65 64 52 61 77 51 75 65 72 79 53 56 43 68 65 63 6b 65 72 22 2c 22 65 72 72 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 76 61 72 20 68 2c 69 3b 66 75 6e 63 74 69 6f 6e 20 6a 28 61 2c 62 2c 64 2c 65 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 63 28 22 55 52 49 41 62 73 74 72 61 63 74 42 61 73 65 22 29 2e 70 61 72 73 65 28 61 2c 62 2c 64 2c 65 29 7d 63 61 74 63 68 28 61 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 63 28 22 65 72 72 22 29
                                                                                                                                                                                                                                                                                      Data Ascii: ",["ExecutionEnvironment","PHPQuerySerializerNoEncoding","URIAbstractBase","URISchemes","UriNeedRawQuerySVChecker","err"],(function(a,b,c,d,e,f,g){var h,i;function j(a,b,d,e){try{return c("URIAbstractBase").parse(a,b,d,e)}catch(a){throw new Error(c("err")
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC14884INData Raw: 53 52 65 73 6f 75 72 63 65 45 76 65 6e 74 73 22 29 2e 6e 6f 74 69 66 79 28 61 2e 24 31 2c 63 2c 22 50 52 4f 4d 49 53 45 5f 52 45 53 4f 4c 56 45 44 22 29 2c 62 28 65 29 7d 2c 28 65 3d 61 2e 24 32 29 21 3d 6e 75 6c 6c 3f 65 3a 6e 29 7d 29 7d 29 3b 28 68 7c 7c 28 68 3d 64 28 22 50 72 6f 6d 69 73 65 41 6e 6e 6f 74 61 74 65 22 29 29 29 2e 73 65 74 44 69 73 70 6c 61 79 4e 61 6d 65 28 65 2c 22 42 6f 6f 74 6c 6f 61 64 28 22 2b 74 68 69 73 2e 67 65 74 4d 6f 64 75 6c 65 49 64 28 29 2b 22 29 22 29 3b 72 65 74 75 72 6e 20 65 7d 3b 65 2e 70 72 65 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 3d 74 68 69 73 2c 63 3d 28 61 3d 74 68 69 73 2e 24 32 29 21 3d 6e 75 6c 6c 3f 61 3a 6e 3b 6d 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61
                                                                                                                                                                                                                                                                                      Data Ascii: SResourceEvents").notify(a.$1,c,"PROMISE_RESOLVED"),b(e)},(e=a.$2)!=null?e:n)})});(h||(h=d("PromiseAnnotate"))).setDisplayName(e,"Bootload("+this.getModuleId()+")");return e};e.preload=function(){var a,b=this,c=(a=this.$2)!=null?a:n;m(function(a){return a


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      55192.168.2.849821157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC581OUTGET /rsrc.php/v3/y3/r/Vvet8_5H-wT.js HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.facebook.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1943INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: k4hf2pugwnbPFbr0OAwJhw==
                                                                                                                                                                                                                                                                                      Expires: Sat, 04 Oct 2025 09:08:25 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: hNoriPskVX2pAvqnnS550N7ah0KHBdAwcRMs4mlj8tPYtvaehejFkqiuco7L3I6mrx2OoRViDjmkQajFjjjqfA==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=84, rtx=0, c=14, mss=1392, tbw=3409, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 7219
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1INData Raw: 3b
                                                                                                                                                                                                                                                                                      Data Ascii: ;
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC7218INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 42 61 6e 7a 61 69 22 2c 5b 22 63 72 3a 37 33 38 33 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 62 28 22 63 72 3a 37 33 38 33 22 29 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 45 76 65 6e 74 45 6d 69 74 74 65 72 57 69 74 68 56 61 6c 69 64 61 74 69 6f 6e 22 2c 5b 22 42 61 73 65 45 76 65 6e 74 45 6d 69 74 74 65 72 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 62 61 62 65 6c 48 65 6c 70 65 72 73 2e 69 6e 68 65 72 69 74 73 4c 6f 6f 73 65 28 62 2c 61 29 3b 66 75 6e 63 74 69 6f 6e 20 62 28 62 2c 63 29 7b 76 61
                                                                                                                                                                                                                                                                                      Data Ascii: /*FB_PKG_DELIM*/__d("Banzai",["cr:7383"],(function(a,b,c,d,e,f,g){g["default"]=b("cr:7383")}),98);__d("EventEmitterWithValidation",["BaseEventEmitter"],(function(a,b,c,d,e,f){"use strict";a=function(a){babelHelpers.inheritsLoose(b,a);function b(b,c){va


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      56192.168.2.849820157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC592OUTGET /rsrc.php/v3issO4/yc/l/en_US/YYUppJnv9Es.js HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.facebook.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1944INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: BqvU7Gp2bgoXfv1YA//mvw==
                                                                                                                                                                                                                                                                                      Expires: Mon, 06 Oct 2025 09:29:15 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: Ut+3XEA/DawYEAj47PtFvZBL1Ay3zXSv8mDzb8gdJQGSXobVXK0P2FKuMWEQ8z719yEaTAL1omcbosNi+lgqWA==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=84, rtx=0, c=14, mss=1392, tbw=3409, tp=-1, tpl=-1, uplat=6, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 33942
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1INData Raw: 3b
                                                                                                                                                                                                                                                                                      Data Ascii: ;
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC15861INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 4d 61 6e 61 67 65 64 45 72 72 6f 72 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 62 61 62 65 6c 48 65 6c 70 65 72 73 2e 69 6e 68 65 72 69 74 73 4c 6f 6f 73 65 28 62 2c 61 29 3b 66 75 6e 63 74 69 6f 6e 20 62 28 62 2c 63 29 7b 76 61 72 20 64 3b 64 3d 61 2e 63 61 6c 6c 28 74 68 69 73 2c 62 21 3d 3d 6e 75 6c 6c 26 26 62 21 3d 3d 76 6f 69 64 20 30 3f 62 3a 22 22 29 7c 7c 74 68 69 73 3b 62 21 3d 3d 6e 75 6c 6c 26 26 62 21 3d 3d 76 6f 69 64 20 30 3f 64 2e 6d 65 73 73 61 67 65 3d 62 3a 64 2e 6d 65 73 73 61 67 65 3d 22 22 3b 64 2e 69 6e 6e 65 72 45 72 72 6f 72 3d 63 3b 72 65 74 75 72 6e 20 64 7d 72 65 74 75 72 6e 20
                                                                                                                                                                                                                                                                                      Data Ascii: /*FB_PKG_DELIM*/__d("ManagedError",[],(function(a,b,c,d,e,f){a=function(a){babelHelpers.inheritsLoose(b,a);function b(b,c){var d;d=a.call(this,b!==null&&b!==void 0?b:"")||this;b!==null&&b!==void 0?d.message=b:d.message="";d.innerError=c;return d}return
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC16384INData Raw: 63 2c 65 3d 62 2e 67 65 74 51 75 65 75 65 4e 61 6d 65 53 75 66 66 69 78 28 29 2c 66 3d 24 28 65 29 3b 77 68 69 6c 65 28 63 3d 62 2e 64 65 71 75 65 75 65 49 74 65 6d 28 29 29 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 76 61 72 20 67 3d 63 2e 69 74 65 6d 3b 5a 28 67 29 3f 28 64 28 22 46 61 6c 63 6f 55 74 69 6c 73 22 29 2e 62 75 6d 70 4f 44 53 4d 65 74 72 69 63 73 28 63 2e 69 74 65 6d 2e 6e 61 6d 65 2c 22 65 76 65 6e 74 2e 69 6e 66 6f 2e 75 70 6c 6f 61 64 5f 6d 65 74 68 6f 64 2e 73 74 72 65 61 6d 69 6e 67 2e 6c 6f 67 5f 63 72 69 74 69 63 61 6c 22 2c 31 29 2c 59 28 29 2c 67 2e 6c 6f 67 43 72 69 74 69 63 61 6c 3d 21 30 2c 21 46 3f 28 66 26 26 28 67 2e 69 64 65 6e 74 69 74 79 3d 66 29 2c 4f 28 5b 5b 62 2c 63 5d 5d 2c 22 65 76 65 6e 74 2e 6e 6f 6e 5f 63 72 69 74 69
                                                                                                                                                                                                                                                                                      Data Ascii: c,e=b.getQueueNameSuffix(),f=$(e);while(c=b.dequeueItem())(function(c){var g=c.item;Z(g)?(d("FalcoUtils").bumpODSMetrics(c.item.name,"event.info.upload_method.streaming.log_critical",1),Y(),g.logCritical=!0,!F?(f&&(g.identity=f),O([[b,c]],"event.non_criti
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1696INData Raw: 6e 74 22 29 7d 63 61 74 63 68 28 61 29 7b 7d 7d 7d 3b 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6d 65 73 73 61 67 65 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 64 28 22 4c 6f 67 22 29 2e 64 65 62 75 67 28 22 50 6c 75 67 69 6e 58 44 52 65 61 64 79 20 61 74 20 22 2b 77 69 6e 64 6f 77 2e 6e 61 6d 65 2b 22 20 72 65 63 65 69 76 65 64 20 6d 65 73 73 61 67 65 20 22 2b 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 61 2e 64 61 74 61 2e 6d 65 73 73 61 67 65 29 29 3b 69 66 28 61 2e 64 61 74 61 2e 78 64 41 72 62 69 74 65 72 53 79 6e 29 64 28 22 53 65 63 75 72 65 50 6f 73 74 4d 65 73 73 61 67 65 22 29 2e 73 65 6e 64 4d 65 73 73 61 67 65 41 6c 6c 6f 77 41 6e 79 4f 72 69 67 69 6e 5f 55 4e 53 41 46 45 28 61 2e 73 6f 75 72 63 65 2c 7b 78 64
                                                                                                                                                                                                                                                                                      Data Ascii: nt")}catch(a){}}};window.addEventListener("message",function(a){d("Log").debug("PluginXDReady at "+window.name+" received message "+JSON.stringify(a.data.message));if(a.data.xdArbiterSyn)d("SecurePostMessage").sendMessageAllowAnyOrigin_UNSAFE(a.source,{xd


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      57192.168.2.849823157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC592OUTGET /rsrc.php/v3i7M54/yL/l/en_US/xKY8pb0-fD_.js HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.facebook.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1946INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: JvsytMTn6YXqW6R29QBm2g==
                                                                                                                                                                                                                                                                                      Expires: Mon, 06 Oct 2025 09:29:15 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: t3RfrcXhxwq3MLesREqXv1sxVXE5QgBmhsYFDKT72dBgy4WiZ6tb8WKqKb4gMJ4IQurU+YzwYra7t1E8MnTGCg==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=84, rtx=0, c=14, mss=1392, tbw=3408, tp=-1, tpl=-1, uplat=20, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 156474
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1INData Raw: 3b
                                                                                                                                                                                                                                                                                      Data Ascii: ;
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC15859INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 41 72 62 69 74 65 72 46 72 61 6d 65 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 61 3d 7b 69 6e 66 6f 72 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 70 61 72 65 6e 74 2e 66 72 61 6d 65 73 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3b 62 2e 63 72 6f 73 73 46 72 61 6d 65 3d 21 30 3b 66 6f 72 28 76 61 72 20 67 3d 30 3b 67 3c 65 3b 67 2b 2b 29 7b 66 3d 64 5b 67 5d 3b 74 72 79 7b 69 66 28 21 66 7c 7c 66 3d 3d 77 69 6e 64 6f 77 29 63 6f 6e 74 69 6e 75 65 3b 66 2e 72 65 71 75 69 72 65 3f 66 2e 72 65 71 75 69 72 65 28 22 41 72 62 69 74 65 72 22 29 2e 69 6e 66 6f 72 6d 28 61 2c 62 2c 63 29 3a 66 2e 53 65 72 76 65 72 4a 53 41 73 79 6e
                                                                                                                                                                                                                                                                                      Data Ascii: /*FB_PKG_DELIM*/__d("ArbiterFrame",[],(function(a,b,c,d,e,f){a={inform:function(a,b,c){var d=parent.frames,e=d.length,f;b.crossFrame=!0;for(var g=0;g<e;g++){f=d[g];try{if(!f||f==window)continue;f.require?f.require("Arbiter").inform(a,b,c):f.ServerJSAsyn
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC16384INData Raw: 22 72 65 74 75 72 6e 22 2c 74 68 69 73 2e 24 37 29 3b 63 61 73 65 20 31 3a 63 61 73 65 22 65 6e 64 22 3a 72 65 74 75 72 6e 20 61 2e 73 74 6f 70 28 29 7d 7d 2c 6e 75 6c 6c 2c 74 68 69 73 29 7d 3b 72 65 74 75 72 6e 20 61 7d 28 29 3b 66 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 36 36 29 3b 0a 5f 5f 64 28 22 6d 69 78 69 6e 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 76 61 72 20 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 62 3d 30 2c 63 3b 77 68 69 6c 65 28 62 3c 30 7c 7c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 3d 62 3f 76 6f 69 64 20 30 3a 61 72 67 75 6d 65 6e 74 73 5b 62 5d 29 7b 63 3d 62 3c 30 7c 7c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 3d 62 3f 76
                                                                                                                                                                                                                                                                                      Data Ascii: "return",this.$7);case 1:case"end":return a.stop()}},null,this)};return a}();f["default"]=a}),66);__d("mixin",[],(function(a,b,c,d,e,f){function a(){var a=function(){},b=0,c;while(b<0||arguments.length<=b?void 0:arguments[b]){c=b<0||arguments.length<=b?v
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC16384INData Raw: 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 65 5b 61 5d 7c 7c 61 7d 29 2e 6a 6f 69 6e 28 22 22 29 2e 74 72 69 6d 28 29 29 3b 66 3d 66 2e 72 65 70 6c 61 63 65 28 2f 5e 5b 5e 5c 64 5d 2a 5c 2d 2f 2c 22 5c 78 30 32 22 29 3b 66 3d 66 2e 72 65 70 6c 61 63 65 28 6b 2c 22 22 29 3b 61 3d 62 28 22 65 73 63 61 70 65 52 65 67 65 78 22 29 28 63 29 3b 63 3d 62 28 22 65 73 63 61 70 65 52 65 67 65 78 22 29 28 64 29 3b 64 3d 6a 28 22 5e 5b 5e 5c 5c 64 5d 2a 5c 5c 64 2e 2a 22 2b 61 2b 22 2e 2a 5c 5c 64 5b 5e 5c 5c 64 5d 2a 24 22 29 3b 69 66 28 21 64 2e 74 65 73 74 28 66 29 29 7b 64 3d 6a 28 22 28 5e 5b 5e 5c 5c 64 5d 2a 29 22 2b 61 2b 22 28 5c 5c 64 2a 5b 5e 5c 5c 64 5d 2a 24 29 22 29 3b 69 66 28 64 2e 74 65 73 74 28 66 29 29 7b 66 3d 66 2e 72 65 70 6c 61 63 65 28 64 2c 22 24
                                                                                                                                                                                                                                                                                      Data Ascii: on(a){return e[a]||a}).join("").trim());f=f.replace(/^[^\d]*\-/,"\x02");f=f.replace(k,"");a=b("escapeRegex")(c);c=b("escapeRegex")(d);d=j("^[^\\d]*\\d.*"+a+".*\\d[^\\d]*$");if(!d.test(f)){d=j("(^[^\\d]*)"+a+"(\\d*[^\\d]*$)");if(d.test(f)){f=f.replace(d,"$
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC16384INData Raw: 22 44 65 66 65 72 72 65 64 22 29 29 28 29 3b 65 2e 70 75 73 68 28 62 2e 67 65 74 50 72 6f 6d 69 73 65 28 29 29 3b 72 65 74 75 72 6e 20 63 28 22 54 69 6d 65 53 6c 69 63 65 22 29 2e 67 75 61 72 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 61 26 26 63 28 22 63 6c 65 61 72 54 69 6d 65 6f 75 74 22 29 28 61 29 2c 62 2e 72 65 73 6f 6c 76 65 28 29 7d 2c 22 41 73 79 6e 63 52 65 71 75 65 73 74 44 69 73 70 6c 61 79 42 6c 6f 63 6b 69 6e 67 45 76 65 6e 74 22 2c 7b 70 72 6f 70 61 67 61 74 69 6f 6e 54 79 70 65 3a 63 28 22 54 69 6d 65 53 6c 69 63 65 22 29 2e 50 72 6f 70 61 67 61 74 69 6f 6e 54 79 70 65 2e 45 58 45 43 55 54 49 4f 4e 7d 29 7d 3b 61 2e 68 61 6e 64 6c 65 28 62 2c 7b 62 69 67 50 69 70 65 43 6f 6e 74 65 78 74 3a 7b 72 65 67 69 73 74 65 72 54 6f 42 6c 6f 63 6b 44 69
                                                                                                                                                                                                                                                                                      Data Ascii: "Deferred"))();e.push(b.getPromise());return c("TimeSlice").guard(function(){a&&c("clearTimeout")(a),b.resolve()},"AsyncRequestDisplayBlockingEvent",{propagationType:c("TimeSlice").PropagationType.EXECUTION})};a.handle(b,{bigPipeContext:{registerToBlockDi
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1500INData Raw: 69 6e 67 28 29 2e 69 6e 63 6c 75 64 65 73 28 22 2f 2e 2e 2f 22 29 7c 7c 74 68 69 73 2e 75 72 69 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 63 6c 75 64 65 73 28 22 5c 5c 2e 2e 2f 22 29 7c 7c 74 68 69 73 2e 75 72 69 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 63 6c 75 64 65 73 28 22 2f 2e 2e 5c 5c 22 29 7c 7c 74 68 69 73 2e 75 72 69 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 63 6c 75 64 65 73 28 22 5c 5c 2e 2e 5c 5c 22 29 29 72 65 74 75 72 6e 21 31 3b 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 74 68 69 73 2e 64 61 74 61 2c 63 28 22 67 65 74 41 73 79 6e 63 50 61 72 61 6d 73 22 29 28 74 68 69 73 2e 6d 65 74 68 6f 64 29 29 3b 28 70 7c 7c 28 70 3d 63 28 22 69 73 45 6d 70 74 79 22 29 29 29 28 74 68 69 73 2e 63 6f 6e 74 65 78 74 29 7c 7c 28 4f 62 6a 65 63 74 2e 61 73
                                                                                                                                                                                                                                                                                      Data Ascii: ing().includes("/../")||this.uri.toString().includes("\\../")||this.uri.toString().includes("/..\\")||this.uri.toString().includes("\\..\\"))return!1;Object.assign(this.data,c("getAsyncParams")(this.method));(p||(p=c("isEmpty")))(this.context)||(Object.as
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC14884INData Raw: 6e 63 52 65 71 75 65 73 74 2e 73 65 6e 64 22 29 3b 69 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 65 2e 74 72 61 6e 73 70 6f 72 74 3b 61 26 26 61 2e 72 65 61 64 79 53 74 61 74 65 3e 3d 32 26 26 61 2e 72 65 61 64 79 53 74 61 74 65 3c 3d 33 26 26 65 2e 5f 68 61 6e 64 6c 65 46 6c 75 73 68 65 64 52 65 73 70 6f 6e 73 65 28 29 3b 69 2e 72 65 61 64 79 53 74 61 74 65 3d 3d 3d 34 26 26 65 2e 63 6f 6e 74 69 6e 75 61 74 69 6f 6e 2e 6c 61 73 74 28 65 2e 5f 6f 6e 53 74 61 74 65 43 68 61 6e 67 65 29 7d 3b 74 68 69 73 2e 70 72 6f 67 72 65 73 73 48 61 6e 64 6c 65 72 26 26 78 28 69 29 26 26 28 69 2e 6f 6e 70 72 6f 67 72 65 73 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 61 3d 61 72 67 75
                                                                                                                                                                                                                                                                                      Data Ascii: ncRequest.send");i.onreadystatechange=function(){var a=e.transport;a&&a.readyState>=2&&a.readyState<=3&&e._handleFlushedResponse();i.readyState===4&&e.continuation.last(e._onStateChange)};this.progressHandler&&x(i)&&(i.onprogress=function(){for(var a=argu
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC16384INData Raw: 2c 61 2e 6c 65 6e 67 74 68 29 3b 28 67 7c 7c 28 67 3d 62 28 22 57 65 62 53 74 6f 72 61 67 65 22 29 29 29 2e 73 65 74 49 74 65 6d 47 75 61 72 64 65 64 28 63 2c 6a 2b 62 28 22 57 65 62 53 65 73 73 69 6f 6e 22 29 2e 67 65 74 49 64 28 29 2b 22 2e 22 2b 28 69 7c 7c 28 69 3d 62 28 22 70 65 72 66 6f 72 6d 61 6e 63 65 41 62 73 6f 6c 75 74 65 4e 6f 77 22 29 29 29 28 29 2c 62 28 22 63 72 3a 38 39 35 38 22 29 2e 73 74 72 69 6e 67 69 66 79 28 64 29 29 7d 7d 3b 65 2e 65 78 70 6f 72 74 73 3d 61 7d 29 2c 6e 75 6c 6c 29 3b 0a 5f 5f 64 28 22 51 75 65 72 79 53 74 72 69 6e 67 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 66 75 6e 63 74 69 6f 6e 20 67 28 61 29 7b 76 61 72 20 62 3d 5b 5d 3b 4f 62 6a 65 63 74 2e 6b 65 79 73 28 61 29 2e 73
                                                                                                                                                                                                                                                                                      Data Ascii: ,a.length);(g||(g=b("WebStorage"))).setItemGuarded(c,j+b("WebSession").getId()+"."+(i||(i=b("performanceAbsoluteNow")))(),b("cr:8958").stringify(d))}};e.exports=a}),null);__d("QueryString",[],(function(a,b,c,d,e,f){function g(a){var b=[];Object.keys(a).s
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC16384INData Raw: 69 67 67 65 72 3a 61 7d 5d 3b 62 28 22 63 72 3a 32 30 33 37 22 29 2e 73 65 6e 64 28 6e 2e 5f 70 72 65 70 46 6f 72 54 72 61 6e 73 69 74 28 63 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 6b 2e 5f 5f 6d 65 74 61 2e 73 74 61 74 75 73 3d 28 69 7c 7c 28 69 3d 62 28 22 42 61 6e 7a 61 69 43 6f 6e 73 74 73 22 29 29 29 2e 50 4f 53 54 5f 53 45 4e 54 2c 6b 2e 5f 5f 6d 65 74 61 2e 63 61 6c 6c 62 61 63 6b 26 26 6b 2e 5f 5f 6d 65 74 61 2e 63 61 6c 6c 62 61 63 6b 28 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 62 28 22 42 61 6e 7a 61 69 55 74 69 6c 73 22 29 2e 72 65 74 72 79 50 6f 73 74 28 6a 2c 61 2c 6c 29 7d 2c 21 30 29 3b 69 66 28 21 66 29 72 65 74 75 72 6e 7d 6c 2e 70 75 73 68 28 6a 29 3b 28 6e 2e 5f 73 63 68 65 64 75 6c 65 28 65 29 7c 7c 21 6d 29 26 26 28 6d 3d 61 29 7d
                                                                                                                                                                                                                                                                                      Data Ascii: igger:a}];b("cr:2037").send(n._prepForTransit(c),function(){k.__meta.status=(i||(i=b("BanzaiConsts"))).POST_SENT,k.__meta.callback&&k.__meta.callback()},function(a){b("BanzaiUtils").retryPost(j,a,l)},!0);if(!f)return}l.push(j);(n._schedule(e)||!m)&&(m=a)}
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC14884INData Raw: 65 74 75 70 44 65 6c 65 67 61 74 69 6f 6e 28 21 30 29 7d 2c 31 30 30 29 3b 72 65 74 75 72 6e 7d 69 66 28 69 2e 61 6c 72 65 61 64 79 53 65 74 75 70 29 72 65 74 75 72 6e 3b 69 2e 61 6c 72 65 61 64 79 53 65 74 75 70 3d 21 30 3b 76 61 72 20 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 69 2e 67 65 74 4d 61 79 62 65 4c 79 6e 78 4c 69 6e 6b 28 61 2e 74 61 72 67 65 74 29 3b 69 66 28 21 63 29 72 65 74 75 72 6e 3b 76 61 72 20 64 3d 63 5b 30 5d 3b 63 3d 63 5b 31 5d 3b 76 61 72 20 65 3d 63 2c 66 3d 6e 65 77 28 67 7c 7c 28 67 3d 62 28 22 55 52 49 22 29 29 29 28 63 2e 68 72 65 66 29 2c 6a 3b 69 66 28 62 28 22 4c 69 6e 6b 73 68 69 6d 48 61 6e 64 6c 65 72 43 6f 6e 66 69 67 22 29 2e 67 68 6c 5f 70 61 72 61 6d 5f 6c 69 6e 6b 5f 73 68 69 6d 26 26 64 21 3d 3d
                                                                                                                                                                                                                                                                                      Data Ascii: etupDelegation(!0)},100);return}if(i.alreadySetup)return;i.alreadySetup=!0;var c=function(a){var c=i.getMaybeLynxLink(a.target);if(!c)return;var d=c[0];c=c[1];var e=c,f=new(g||(g=b("URI")))(c.href),j;if(b("LinkshimHandlerConfig").ghl_param_link_shim&&d!==


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      58192.168.2.849833157.240.26.27443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC881OUTGET /v/t39.30808-6/303280254_411128561164160_6605626465690304584_n.jpg?stp=dst-jpg_s526x395&_nc_cat=106&ccb=1-7&_nc_sid=4cb600&_nc_ohc=1I2yrbFI2LYQ7kNvgEsGWmR&_nc_ht=scontent-msp1-1.xx&edm=AEDRbFQEAAAA&_nc_gid=A4syIzp1y9Bx-a7cihdwta0&oh=00_AYCdJGOufY8qZigevwZ9U0PHjEqRvLbmQ_sPWeanTh1Z5w&oe=670A27D3 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: scontent-msp1-1.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.facebook.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC707INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      x-additional-error-detail:
                                                                                                                                                                                                                                                                                      Last-Modified: Sat, 10 Sep 2022 00:32:13 GMT
                                                                                                                                                                                                                                                                                      X-Needle-Checksum: 961577928
                                                                                                                                                                                                                                                                                      Content-Type: image/jpeg
                                                                                                                                                                                                                                                                                      content-digest: adler32=4133468394
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=1209600, no-transform
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      X-FB-Edge-Debug: 66rHWuf52VBZnOZRv0Q5eUWFc8OYJAKON_50f7rI4fuaT6KcqFmHG7zw0e8jWln-bIJP8M2wq88yWP1XPgOtV9naXq1J_zZ8HvzsuFjj6ic
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=30, rtx=0, c=14, mss=1392, tbw=3408, tp=-1, tpl=-1, uplat=39, ullat=0
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 15587
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC793INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 36 66 30 31 30 30 30 30 32 63 30 38 30 30 30 30 33 39 30 66 30 30 30 30 31 65 31 30 30 30 30 30 32 39 31 31 30 30 30 30 65 36 31 38 30 30 30 30 33 38 32 33 30 30 30 30 64 61 32 35 30 30 30 30 63 35 32 36 30 30 30 30 63 65 32 37 30 30 30 30 65 33 33 63 30 30 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                                                                                                                                                                                                                                                      Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a6f0100002c080000390f00001e10000029110000e618000038230000da250000c5260000ce270000e33c0000C%# , #&')*)-0-(0%()(C((((((((((((((
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC3235INData Raw: 2e 19 22 4c 46 48 35 73 e6 07 27 d1 d0 dd 2c 3a 9e 1f 69 eb 78 7e 60 fb 5e a7 c0 fd ec 2a 54 d4 05 82 c1 52 84 a0 00 00 00 00 00 00 00 08 54 a0 08 02 14 85 80 41 c3 e4 76 f8 47 63 1c 2a 32 62 32 f0 7b 69 c7 f6 7b 32 31 df 8d 96 73 0c 4f 98 f2 75 30 39 ff 00 a7 f0 7b b0 b7 1a 9a 82 80 b0 a0 80 a0 00 00 00 00 00 00 10 b0 00 01 28 80 85 25 81 10 e6 fc ef d3 fc 99 d5 cf 4e c4 64 c4 66 9b 24 cb 1c 4c e6 bc 4d ae 5f 98 ed 69 e4 75 e6 3d dd ae 2f 66 27 24 b1 35 28 05 41 52 80 54 a0 09 61 50 50 00 00 00 40 00 20 21 48 2c 04 85 80 88 6a f8 cf b5 f9 53 76 cd 5b d1 33 62 67 39 fc e3 bb a3 91 d1 97 8f 2e 8e 46 3b b0 92 d9 74 e8 47 5b b5 f1 df 5b 59 da d7 53 b1 80 ce ea c8 ce f8 35 da bd 36 bc ab 6c 90 64 82 a5 00 14 00 01 0a 94 02 02 58 00 10 01 2c 22 62 65 35 e0 6c
                                                                                                                                                                                                                                                                                      Data Ascii: ."LFH5s',:ix~`^*TRTAvGc*2b2{i{21sOu09{(%Ndf$LM_iu=/f'$5(ARTaPP@ !H,jSv[3bg9.F;tG[[YS56ldX,"be5l
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC4064INData Raw: e2 5a ea 36 11 f1 06 de 15 22 03 46 62 60 44 7c a2 00 d9 39 97 a7 61 15 ad a5 65 d5 f8 ea 08 bd a6 30 c1 69 a5 06 8d 8e a2 12 0f b6 68 04 ea 95 34 c0 94 7a da af d6 3f ff c4 00 28 11 00 02 01 03 02 04 06 03 00 00 00 00 00 00 00 00 01 02 00 03 11 12 21 31 13 20 40 41 04 10 22 32 50 70 33 51 60 ff da 00 08 01 02 01 01 3f 01 fb 3d 5b 21 7e 50 ea db 75 80 5b 93 c4 fe 23 29 e5 c5 17 f8 06 5c 85 8c 54 0b b7 99 fe 8c fc 2e 0d 6b f5 64 c5 b9 1a c0 2e 6d 0d 2a 60 6b 38 59 7b 62 a2 af 93 53 56 8d 45 87 48 0d f9 82 1d cc 54 6d c4 08 06 b1 81 22 5d a9 fb b6 88 d9 6c 66 d0 bc 6b 34 23 4e a2 9e 27 92 df b8 f4 f1 37 a7 38 c4 ef 38 93 c3 e5 99 63 b4 14 bd 37 95 31 d8 74 ea 0f 68 b5 7b 34 b4 2d 68 5a 35 4b 18 c7 23 00 31 68 e1 ea a9 2a d7 2f a0 82 99 dc 9e a3 53 16 a1 5d
                                                                                                                                                                                                                                                                                      Data Ascii: Z6"Fb`D|9ae0ih4z?(!1 @A"2Pp3Q`?=[!~Pu[#)\T.kd.m*`k8Y{bSVEHTm"]lfk4#N'788c71th{4-hZ5K#1h*/S]
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC4064INData Raw: 86 57 bb 0f e6 48 91 3e 33 99 60 33 80 4b a8 74 bf 44 2c 11 0e 53 6d 87 13 6a e5 4a d6 3c 32 e9 43 09 60 20 19 c2 26 88 9b c1 23 7c 8f 75 51 c0 57 73 27 ea 67 56 aa b4 76 09 89 7d 53 b1 d2 22 2c e4 e9 c4 6c 17 a2 9f f3 d6 19 50 16 03 87 c4 bb 58 3c 41 db 21 92 ad 08 41 a4 d0 43 a8 5d bb fe e5 85 c6 17 85 ca 8d ee d5 6c 76 0b d3 fe 44 e7 4f 44 c6 8d 21 5f 62 20 15 30 ff 00 a5 40 0b 1b 9d 5e 26 9b 6c 51 8f f7 69 ac ed 91 3d 07 6e 6b da 3f ae 03 ba a6 ea 63 2b d9 2e 68 8d d5 18 0a b3 9a e8 3f 96 a5 4a 95 d4 ae 8f 43 94 61 70 eb a0 83 4c cb d3 c2 19 83 da 6e e6 d4 a2 71 a0 8c 3b 36 5e 63 51 a1 ad 9a 36 b8 14 8c d2 1e 02 ae b9 4d 22 01 5b 41 05 5e c4 d8 78 61 e6 18 80 0e 08 6d 1a ed 34 87 ea aa 10 d7 f6 3f e4 5a b7 e2 df 9b 86 64 0e 5b 99 0d 20 99 e1 fb 22 94
                                                                                                                                                                                                                                                                                      Data Ascii: WH>3`3KtD,SmjJ<2C` &#|uQWs'gVv}S",lPX<A!AC]lvDOD!_b 0@^&lQi=nk?c+.h?JCapLnq;6^cQ6M"[A^xam4?Zd[ "
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC3431INData Raw: 75 b8 2c 77 76 96 65 0f a4 f5 7f ec df 3b ea 3f c4 01 ce 03 47 ab e2 2b 4b f6 4d 98 74 06 1d 17 2e 5f e3 b9 72 f5 7a 18 ba 28 41 3d a1 f1 30 6f 2a aa 76 9b 21 40 22 c2 c7 35 cc 45 02 14 78 ab 6d e3 40 9b 10 d4 0b 5a cd 04 01 32 8b 50 6d c1 a6 ef b0 e2 76 06 6c 36 b5 36 17 bd ca e3 65 01 40 76 8e d8 5d c6 96 bc c5 fd 8e 41 1c 59 17 76 bf 77 2f c4 10 a8 79 53 b3 cb 8f 99 9a f1 6e 9a fd 79 4f 37 09 b2 a6 c1 c3 09 78 51 ce 6b 3c 45 80 e1 06 38 c1 3b f9 99 c6 f3 87 f4 ff 00 50 13 35 dc a3 fa 49 cf 12 15 a4 ef 92 5e e0 3d 13 e5 ff 00 b0 67 d9 81 ef de 04 0f 32 dc bb 8b ca f6 81 02 7c 5b 97 ef c7 bc 4e 4c b2 26 46 08 a9 5d 90 d3 08 cb 97 05 83 a1 d0 6f d1 53 68 69 5a 3d 0e 97 ad c4 1e b0 4c 8b 2a c6 27 99 9e 67 d6 2f 77 e6 23 b4 4e d7 02 9d ec 97 dc a0 5a 72 7a
                                                                                                                                                                                                                                                                                      Data Ascii: u,wve;?G+KMt._rz(A=0o*v!@"5Exm@Z2Pmvl66e@v]AYvw/ySnyO7xQk<E8;P5I^=g2|[NL&F]oShiZ=L*'g/w#NZrz


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      59192.168.2.849824157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC581OUTGET /rsrc.php/v3/yV/r/fZu5tZNIUeX.js HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.facebook.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1944INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: ZSGFUSoLppfnG954VG7ryg==
                                                                                                                                                                                                                                                                                      Expires: Sat, 04 Oct 2025 09:08:25 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: Is1Nt3CUILsfIlz2LwRjRGEMOJTKx797fQxpROH5T5CKw7vGfDHY1UVIyv/P942yOQEQt3unMa08qeotaqGbIQ==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=89, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 30864
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC1INData Raw: 3b
                                                                                                                                                                                                                                                                                      Data Ascii: ;
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC15873INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 42 61 6e 7a 61 69 4c 6f 67 67 65 72 22 2c 5b 22 63 72 3a 39 39 38 39 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 61 29 7b 72 65 74 75 72 6e 7b 6c 6f 67 3a 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 62 28 22 63 72 3a 39 39 38 39 22 29 2e 70 6f 73 74 28 22 6c 6f 67 67 65 72 3a 22 2b 63 2c 64 2c 61 29 7d 2c 63 72 65 61 74 65 3a 68 7d 7d 61 3d 68 28 29 3b 63 3d 61 3b 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 63 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 42 65 68 61 76 69 6f 72 73 4d 69 78 69 6e 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 76 61 72 20 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b
                                                                                                                                                                                                                                                                                      Data Ascii: /*FB_PKG_DELIM*/__d("BanzaiLogger",["cr:9989"],(function(a,b,c,d,e,f,g){function h(a){return{log:function(c,d){b("cr:9989").post("logger:"+c,d,a)},create:h}}a=h();c=a;g["default"]=c}),98);__d("BehaviorsMixin",[],(function(a,b,c,d,e,f){var g=function(){
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC14990INData Raw: 42 4c 6f 67 67 65 72 22 29 28 22 6c 61 79 65 72 22 29 2e 77 61 72 6e 28 22 4e 6f 20 72 6f 6f 74 20 6e 6f 64 65 20 66 6f 72 20 74 68 69 73 20 4c 61 79 65 72 2e 20 49 74 20 68 61 73 20 65 69 74 68 65 72 20 6e 6f 74 20 79 65 74 20 62 65 65 6e 20 73 65 74 20 6f 72 20 74 68 65 20 4c 61 79 65 72 20 68 61 73 20 62 65 65 6e 20 64 65 73 74 72 6f 79 65 64 2e 20 20 54 68 69 73 20 6c 61 79 65 72 20 68 61 73 20 62 65 65 6e 20 64 65 73 74 72 6f 79 65 64 2e 22 29 3a 63 28 22 46 42 4c 6f 67 67 65 72 22 29 28 22 6c 61 79 65 72 22 29 2e 77 61 72 6e 28 22 4e 6f 20 72 6f 6f 74 20 6e 6f 64 65 20 66 6f 72 20 74 68 69 73 20 4c 61 79 65 72 2e 20 49 74 20 68 61 73 20 70 72 6f 62 61 62 6c 79 20 6e 6f 74 20 62 65 65 6e 20 73 65 74 2e 22 29 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e
                                                                                                                                                                                                                                                                                      Data Ascii: BLogger")("layer").warn("No root node for this Layer. It has either not yet been set or the Layer has been destroyed. This layer has been destroyed."):c("FBLogger")("layer").warn("No root node for this Layer. It has probably not been set."));return this.


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      60192.168.2.849831184.28.90.27443
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                                                                                                                      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                                                                                                                      Range: bytes=0-2147483646
                                                                                                                                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                                                                                                                      Host: fs.microsoft.com
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC515INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      ApiVersion: Distribute 1.1
                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                                                                                                                                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                                                                                                                      Server: ECAcc (lpl/EF06)
                                                                                                                                                                                                                                                                                      X-CID: 11
                                                                                                                                                                                                                                                                                      X-Ms-ApiVersion: Distribute 1.2
                                                                                                                                                                                                                                                                                      X-Ms-Region: prod-weu-z1
                                                                                                                                                                                                                                                                                      Cache-Control: public, max-age=151399
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:19 GMT
                                                                                                                                                                                                                                                                                      Content-Length: 55
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      X-CID: 2
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                                                                                                                                                                                                                      Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      61192.168.2.849841104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC691OUTGET /sites/all/themes/freshmade/img/header-wrapper-2.gif HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978o
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC691INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:20 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Content-Length: 13692
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:50:25 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:41:51 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338369
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i6Fw9zH74VleUWjPQ0dZiUHhwpr8E7zeoZqAfc5awW%2FhtSpi6JwmFG3f3J2wlOBe2YkgKP84OevRYtQ2jcCwYvt37t8qf1t4obGhy7YSjEnLUG7%2FAfKPjDxJMgcAjwMMWmHzlGAd66Vx%2BF9kTg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165e429620ca0-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC678INData Raw: 47 49 46 38 39 61 b0 04 82 00 f7 00 00 28 28 27 36 33 30 30 2e 2c 39 39 39 4c 3e 32 2b 29 27 2e 2c 2a 46 38 2a 3f 38 31 4c 3e 30 34 30 2c 3a 34 2e 48 3c 30 48 3d 32 30 2f 2e 4e 3e 30 36 32 2e 3d 32 28 4a 3c 2e 3a 36 31 2c 2b 2b 37 34 31 4d 40 33 4a 3a 2c 32 2e 2a 3a 35 30 31 30 2e 46 3a 2e 3e 36 2e 3c 34 2c 44 3b 32 42 3a 32 42 38 2f 2c 2a 28 36 36 36 2e 2d 2c 2a 29 29 3e 37 30 34 2e 28 46 36 26 4e 40 30 43 39 30 40 36 2c 48 3a 2c 29 27 26 38 32 2c 3e 34 2a 34 32 2f 42 36 2b 31 2c 27 44 38 2c 39 32 2a 38 34 2f 36 30 2a 2a 28 27 44 37 2a 4c 3c 2e 4a 3e 31 38 33 2e 32 30 2d 30 2c 29 38 38 38 48 3b 2e 3d 35 2e 2a 2a 29 3b 3b 3b 47 38 2a 43 3a 30 46 3b 30 40 37 2e 34 31 2d 30 2d 2a 38 30 28 2e 2e 2d 42 37 2c 3a 33 2c 52 42 33 50 41 34 37 32 2d 2e 2b 28 27 26
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a(('6300.,999L>2+)'.,*F8*?81L>040,:4.H<0H=20/.N>062.=2(J<.:61,++741M@3J:,2.*:5010.F:.>6.<4,D;2B:2B8/,*(666.-,*))>704.(F6&N@0C90@6,H:,)'&82,>4*42/B6+1,'D8,92*84/60**('D7*L<.J>183.20-0,)888H;.=5.**);;;G8*C:0F;0@7.41-0-*80(..-B7,:3,RB3PA472-.+('&
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1369INData Raw: 2d 4e 40 32 49 38 29 4e 3d 2e 4f 40 31 4b 3a 2a 4a 39 29 4e 3d 2d 41 38 30 4f 3f 2e 32 30 2f 3c 35 2f 51 40 30 4e 3e 2d 4d 3d 2c 4f 41 32 4b 3a 2b 45 3a 30 47 37 27 2d 2d 2c 4c 3c 2b 4b 3b 2a 4c 3b 2c 49 3a 2a 34 2d 28 4a 3b 2d 3a 3a 3a 48 39 2a 4d 3f 32 42 35 29 43 36 2a 4b 3c 2b 4d 3c 2d 49 3c 2e ff ff ff 21 f9 04 01 00 00 ff 00 2c 00 00 00 00 b0 04 82 00 00 08 ff 00 ab 08 1c 48 b0 20 41 28 55 10 26 34 c8 a2 a1 c3 87 00 00 d8 98 48 b1 80 c5 8b 21 e4 68 dc 18 a3 63 47 38 70 ea 99 08 43 12 0d 9a 2e 28 91 94 59 89 25 42 04 2d 5a e6 cc 61 c3 46 9f be 7d fb 6e e8 3c c0 53 88 90 65 40 7f 2e 13 46 f4 9d d1 13 48 4f fc 5b ca b4 a9 d3 a7 50 a3 4a 9d 4a b5 aa d5 ab 58 b3 6a dd ca b5 ab d7 af 60 c3 8a 1d 4b b6 ac d9 b3 68 d3 aa 5d cb b6 ad db b7 70 e3 ca 9d 4b f7
                                                                                                                                                                                                                                                                                      Data Ascii: -N@2I8)N=.O@1K:*J9)N=-A80O?.20/<5/Q@0N>-M=,OA2K:+E:0G7'--,L<+K;*L;,I:*4-(J;-:::H9*M?2B5)C6*K<+M<-I<.!,H A(U&4H!hcG8pC.(Y%B-ZaF}n<Se@.FHO[PJJXj`Kh]pK
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1369INData Raw: 4e f0 81 12 7d a2 fc 50 16 4b 19 bf 2e a2 52 7f fc 5b 25 19 5b f9 4a 34 ca 92 96 0e 84 e0 2d 2d 28 ff 47 bf d0 d1 54 c2 0c a8 40 07 4a d0 82 06 8c 98 80 44 a6 32 5b 58 48 67 1e 12 9a 89 94 26 0e a9 d9 c8 47 46 d2 7e 93 e4 e6 e6 be 79 91 70 5a 71 9c 9d f4 84 48 47 4a d2 91 02 e1 a4 9d 3c e9 49 1b c1 d2 96 36 a2 7d 75 8a 69 11 79 70 84 9a c2 01 03 38 35 41 16 76 9a 85 fd a5 a1 06 fe f3 c2 0c 66 f0 8c 33 08 d0 05 48 bd c2 15 d4 80 40 18 e8 44 06 b4 7c a1 54 e9 71 01 7b 5c e0 02 ac 68 47 05 5b 11 c7 21 19 c5 a0 60 0d ab 58 c7 4a 56 24 19 e5 1b 59 82 45 0a c5 d1 8a ac b2 a2 0d 17 68 83 55 e9 b1 82 0b 48 d5 a1 32 d0 49 53 d5 a0 54 a4 e2 d0 a8 cf 18 6a 50 6b e0 53 9e 66 c1 04 38 c5 00 1c 6a 7a 84 99 c6 34 a6 ec 73 69 4b 55 0a 84 94 9e b4 a4 98 cd 6c 66 55 6a d9
                                                                                                                                                                                                                                                                                      Data Ascii: N}PK.R[%[J4--(GT@JD2[XHg&GF~ypZqHGJ<I6}uiyp85Avf3H@D|Tq{\hG[!`XJV$YEhUH2ISTjPkSf8jz4siKUlfUj
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1369INData Raw: 05 7e 50 8b b6 b8 87 53 77 04 18 20 00 01 17 05 51 b0 53 0a 10 8c 35 20 05 c4 e8 05 2d 60 84 09 b7 04 0c d7 01 4a 75 05 4a a8 04 66 20 03 56 60 05 87 78 71 3e 70 8d 12 20 01 f6 f0 06 dc f8 0a af f0 06 de d8 06 9f e0 7d ac c0 56 59 f2 0d 91 98 8e ea b8 8e 77 f4 0d d0 b0 56 ac 10 0f 38 f7 09 af d0 0f d9 80 03 af 90 0d dc f8 06 12 c0 8f d7 e8 03 e6 37 8d 32 60 06 e8 b7 89 57 b0 8c c9 08 7a 33 d0 02 5e 40 8c 52 50 03 c1 a8 00 3b e5 8b 01 c7 8b b9 48 75 fd 66 8b b6 38 8b b1 98 75 b0 48 01 ad 18 92 22 29 92 af d8 91 f6 36 8b 1a 59 8b b8 f8 76 bc 98 58 be 08 8c c2 e8 90 c6 88 8c 09 b7 8c cd f8 8c d1 ff 38 8d d5 b8 02 ff 98 8d db d8 8d df 18 8e e3 e8 7d e6 68 72 ec 78 94 48 99 94 bd e3 8e f0 28 8f 9f 40 8f f6 88 8f fa c8 8d fd 28 01 ff 18 90 56 30 90 05 d9 8c 08
                                                                                                                                                                                                                                                                                      Data Ascii: ~PSw QS5 -`JuJf V`xq>p }VYwV872`Wz3^@RP;Huf8uH")6YvX8}hrxH(@(V0
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1369INData Raw: 7c 85 0f 3c b1 db fb b5 19 3b b6 1b 5b b6 17 8c ba e4 ab c1 24 7b be 70 7b b2 af 3b b7 21 3c c2 34 ab b7 a0 90 c5 5a bc c5 49 90 c5 21 cc be 79 90 b3 ef 1a af be d8 0d dd e0 c2 0e e9 04 4e a0 a8 3a a0 03 3f eb a8 3f 10 c7 f8 3a 06 95 5a 04 20 10 c0 56 f0 05 5f d0 b8 3e c0 00 9e ba 05 80 ec 06 db 80 0a 09 90 00 a8 e0 0b 82 00 0e 88 ff 3c b0 39 37 8e e2 00 0d 41 1c c9 92 8c 81 57 36 8f 9e eb 0b e4 50 08 85 a0 c8 a8 10 0d 86 4c c8 09 00 c8 5b e0 bd 0c 70 ac 7a cc b1 20 50 c7 63 90 ba 71 cc b6 23 db c6 8a aa c6 e8 6b c6 64 1c 05 62 cc ad 79 f0 c5 37 9b c5 5d bc c5 be fc cb 5a dc cb ba cc b2 61 7c cb 80 5a cb 66 8c c6 c4 a8 c6 6c ec c6 c3 0b c7 72 2c a9 74 5c a9 77 cc af 7a cc c7 7e 0c aa 81 3c c8 85 7c c8 89 bc c8 a6 da c8 e5 08 c9 93 5c ce e6 7c 78 95 fc 94
                                                                                                                                                                                                                                                                                      Data Ascii: |<;[${p{;!<4ZI!yN:??:Z V_><97AW6PL[pz Pcq#kdby7]Za|Zflr,t\wz~<|\|x
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1369INData Raw: db de ed 29 4e f6 90 6e f6 93 ae f2 36 7e ee a7 9f fd da 1f 2b a9 ff 0f ea ab 6f f3 f4 5e f7 a8 0e fb 3c 9f f7 3e bf f7 40 df f7 42 1f f8 5e 9e fb 47 bf fb 65 de fb be 9f 07 c0 1f fc 8b 30 fc 88 5f fc cc 2e f9 10 0e 10 10 20 38 71 d2 42 c7 c1 69 0b e2 c4 41 87 ee c7 0f 0e 1c c6 14 a1 c8 8b 17 88 14 29 ac 7c f9 b2 81 88 0f 1f fe 18 30 d8 b2 c5 4d 02 94 a8 50 45 8b f6 20 9a 4a 54 be 0a 91 13 24 e8 d5 ab 4f ac 8e fd e3 d9 d3 e7 4f a0 41 85 0e 25 5a d4 e8 51 a4 49 95 2e 65 da d4 e9 53 a8 51 a5 4e a5 5a d5 ea 55 ac 59 b5 6e e5 da d5 eb 57 b0 61 c5 8e 25 5b 16 e9 31 56 9f 6c 0a 02 a7 ae 90 b6 97 c8 a2 25 62 f9 92 25 4a 37 25 47 fa 03 49 64 03 47 2b 19 41 58 a4 58 64 4c c4 87 0d 17 2e 98 76 50 47 0b 82 02 8d 4c 9e ac a0 db e5 1d 99 a3 38 e0 dc d9 b3 83 3c a1 45
                                                                                                                                                                                                                                                                                      Data Ascii: )Nn6~+o^<>@B^Ge0_. 8qBiA)|0MPE JT$OOA%ZQI.eSQNZUYnWa%[1Vl%b%J7%GIdG+AXXdL.vPGL8<E
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1369INData Raw: 0c 81 18 c4 08 45 28 88 60 8a 91 34 a0 01 39 38 98 35 42 e5 8d 7c a0 20 1c 1b 65 04 fe 54 01 2c 64 98 a3 10 82 c8 46 36 3e 51 4c 94 a6 54 a5 2b 65 a9 90 78 05 32 73 38 c3 19 89 50 85 2a 18 d1 51 46 28 23 1c 1d f5 c6 2e 30 9a 0f 6b a4 2c 07 12 1d 89 29 88 d0 d0 85 0e 21 05 07 2d 07 41 05 5a 82 47 89 a1 51 19 e0 d6 34 68 a0 03 7c 06 00 02 f4 14 45 3c df f9 4e 76 ae f3 1c e7 3a 67 59 cb 49 4e 42 7c 73 18 dd 64 6b 5b bd 09 4e 71 92 d3 ac e7 4c 67 58 53 f1 55 77 c6 93 ab f6 c4 a7 3e f9 b9 00 7f 36 04 a0 cc 78 2a 41 0d 8a 50 85 32 d4 a1 10 65 80 44 29 fa 29 8b e6 03 ff a3 1a e5 a8 47 41 2a 52 92 9a b4 a5 9b e5 6c 67 3d fb d9 aa bc b4 10 31 9d 69 4d 6f ba 53 9d f2 d4 a7 a1 0a aa a7 86 da 80 a2 1e 35 14 49 5d 2a 36 9a da 8c a7 46 75 aa 55 bd 6a 56 b7 4a 4f af e2
                                                                                                                                                                                                                                                                                      Data Ascii: E(`4985B| eT,dF6>QLT+ex2s8P*QF(#.0k,)!-AZGQ4h|E<Nv:gYINB|sdk[NqLgXSUw>6x*AP2eD))GA*Rlg=1iMoS5I]*6FuUjVJO
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1369INData Raw: c0 37 44 40 39 a4 c3 79 b2 43 3c d4 c3 fc 63 c4 fa fb c3 45 ec 03 41 34 44 73 3c c4 51 18 c7 3f 04 47 fa 73 44 fe f3 bf 48 9c 27 02 2c 40 4a 6c c3 4b 24 85 08 9c c0 0a bc c0 0c dc c0 0e 0c 85 0f 0c 41 89 1a c5 13 cc 87 14 5c c1 16 7c c1 18 9c c1 1a 64 84 1b cc 41 41 d8 c1 5a 9c 48 8a ac 48 f6 b9 c5 ff 5c 3c c2 24 5c c2 26 7c c2 28 9c c2 2a bc c2 2c cc 85 2d ec c2 2f a4 85 30 1c c3 32 3c c3 12 48 c3 07 ac c6 05 bc c6 03 cc c6 3a 0c c0 6e b4 85 3d 64 c7 44 8c bf 71 2c c7 73 3c 47 41 54 c7 f9 d3 49 77 84 c4 00 94 44 7a 44 c0 4a 5c c0 7b cc 47 4d dc c7 4e f4 47 50 14 c8 11 2c c1 82 3c c8 53 4c c5 85 64 45 87 74 45 58 b4 48 b0 0c 4b b1 14 1b 8c 2c 42 8d e4 c5 8e 04 46 61 0c 49 63 1c c9 92 5c c6 66 54 49 68 94 46 6a 6c 43 99 8c c3 02 d4 46 51 e0 46 ff f3 46 fc
                                                                                                                                                                                                                                                                                      Data Ascii: 7D@9yC<cEA4Ds<Q?GsDH',@JlK$A\|dAAZHH\<$\&|(*,-/02<H:n=dDq,s<GATIwDzDJ\{GMNGP,<SLdEtEXHK,BFaIc\fTIhFjlCFQFF
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1369INData Raw: 1e 63 ce f2 61 cc 75 d8 b6 85 d8 ff b7 f5 5c b9 ad 58 10 7e 5e 11 de 58 12 9e de 73 bc 03 3b be 63 3c ae 83 47 78 84 f4 ab 83 3e b6 03 3f ae 03 41 1e e4 3a d8 83 42 de 03 44 0e 04 45 fe 03 46 d6 03 47 76 e4 7b aa 00 49 96 e4 4a a8 84 59 00 04 4c ce 80 09 c0 05 07 9c 84 49 b0 04 4b a0 40 0a 44 84 0b 8c 84 0f 38 65 0f 68 28 43 00 c1 5e 90 a8 58 d0 05 4c 38 41 0b 98 65 4d f8 85 43 b8 e5 64 b8 84 52 28 85 4b 50 04 27 5c c2 5b a8 41 57 44 85 91 22 63 63 3e 66 95 92 09 64 a0 a9 55 08 e6 41 a8 85 5a 50 04 26 90 66 6a e0 e5 4b 68 82 52 b8 e5 5f 20 c6 59 36 46 4c d0 85 58 90 a8 5e e0 42 43 68 28 0f 38 e5 0f 88 04 32 44 04 51 46 00 50 f6 e4 35 c4 85 09 c8 00 4c 06 84 59 a8 e4 49 96 e4 7b 7a 64 47 66 e4 3f 50 e4 40 40 64 44 2e 64 42 1e 64 40 3e 68 84 de e3 3a c0 63
                                                                                                                                                                                                                                                                                      Data Ascii: cau\X~^Xs;c<Gx>?A:BDEFGv{IJYLIK@D8eh(C^XL8AeMCdR(KP'\[AWD"cc>fdUAZP&fjKhR_ Y6FLX^BCh(82DQFP5LYI{zdGf?P@@dD.dBd@>h:c
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1369INData Raw: 7d c6 47 77 92 7f f3 c8 8f f5 c9 4f 7e fc cf 7f b2 58 fe 5d 07 88 4b 4d 4a 1d 3a f4 4b 93 85 84 d6 30 61 d2 15 ab 41 83 5e a6 0c 19 0a 15 ca c3 87 8c 91 22 21 42 84 e0 23 02 4b 96 26 4d 22 85 0b d7 84 0c 80 56 ce aa 54 a9 02 4c 98 01 02 e8 a9 59 f3 0f ce 40 3a f7 f0 dc 53 c7 67 9d a0 42 ed d4 21 6a c7 a8 9d 47 8f ea dc 69 ea f4 29 d4 a7 75 94 1e 2d 6a b4 a8 d0 ac 3e 7b ee d1 19 08 e7 1f 9b 35 67 c6 84 e9 72 d6 4a 40 19 26 9c 24 45 52 24 48 04 1d 37 66 fc e0 c1 22 45 53 bd 20 c6 d2 c5 d0 5a 42 0b 9a 7e 15 3c 94 ec 52 a9 52 97 14 ff 41 52 34 08 d2 ad 41 8c 56 25 4a 84 aa 90 a0 7f 9a 37 73 ee ec f9 33 e8 d0 a2 47 93 2e 6d fa 34 ea d4 aa 57 b3 6e ed fa 35 ec d8 b2 67 d3 ae 6d fb 36 ee dc ba 77 f3 ee ed fb 37 f0 e0 c2 87 9b f6 55 08 59 22 55 ab 22 0f aa 55 4b
                                                                                                                                                                                                                                                                                      Data Ascii: }GwO~X]KMJ:K0aA^"!B#K&M"VTLY@:SgB!jGi)u-j>{5grJ@&$ER$H7f"ES ZB~<RRAR4AV%J7s3G.m4Wn5gm6w7UY"U"UK


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      62192.168.2.849842104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:19 UTC679OUTGET /sites/all/themes/freshmade/img/help.gif HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978o
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC690INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:20 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Content-Length: 707
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:50:30 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:44 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183136
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qMy1ajCNy4Mw2LMqvu%2BMbwj4o%2B4goYqErjTit1DnoDeTC8rsMDzr70tAcmLpVz2MCiMFSzDheXY7g%2BmtjWFh3PaALe6svJgoPVuZldxM3qf3mtIJD1w29fuOEiMxenpSzpZioWAlQPSh6gVDpw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165e43f2442b5-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC679INData Raw: 47 49 46 38 39 61 22 01 27 00 d5 00 00 32 32 32 34 34 34 3a 3a 3a 4f 4f 4f 37 37 37 3b 3b 3b 4d 4d 4d 48 48 48 35 35 35 21 21 21 38 38 38 3f 3f 3f 2b 2b 2b 49 49 49 36 36 36 3e 3e 3e 44 44 44 4b 4b 4b 42 42 42 41 41 41 3c 3c 3c 20 20 20 30 30 30 45 45 45 43 43 43 47 47 47 4e 4e 4e 3d 3d 3d 40 40 40 24 24 24 2c 2c 2c 39 39 39 4a 4a 4a 2d 2d 2d 29 29 29 46 46 46 22 22 22 31 31 31 28 28 28 25 25 25 27 27 27 26 26 26 4c 4c 4c 50 50 50 33 33 33 1f 1f 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 f9 04 00 00 00 00 00 2c 00 00 00 00 22 01 27 00 00 06 ff 40 80 70 48 2c 1a 89 04 c9 c1 b0 6a 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 95
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a"'222444:::OOO777;;;MMMHHH555!!!888???+++III666>>>DDDKKKBBBAAA<<< 000EEECCCGGGNNN===@@@$$$,,,999JJJ---)))FFF"""111(((%%%'''&&&LLLPPP333!,"'@pH,j:tJZvz
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC28INData Raw: 7c 6e 10 08 98 10 21 8c fd fb f8 f3 eb df cf bf bf ff 2c 11 4c 20 80 79 41 00 00 3b
                                                                                                                                                                                                                                                                                      Data Ascii: |n!,L yA;


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      63192.168.2.849843104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC685OUTGET /sites/all/themes/freshmade/img/navigation.gif HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978o
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC691INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:20 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Content-Length: 5195
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:50:48 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:43 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183137
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0bJccH1NaSb1mHVchdRGzep%2F0NzlBP2Wh8da8Vj0lE7rNfDPfnO181XODzfHqBOBiLjEGry8jQhvob8mf3rOdWsbdy4ez%2BsTjgubbImBcivNKCctF77HcG%2BhqA2KeHZFas9fb7tpXycOPVLVFA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165e4b8da4372-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC678INData Raw: 47 49 46 38 39 61 96 00 2e 00 f7 00 00 b7 6d 2b ba 70 2e c2 79 36 c1 78 35 b0 65 24 b6 6c 2a b2 67 26 bd 73 31 c0 77 34 bb 71 2f b2 68 26 b4 6a 28 b1 66 25 b9 6f 2d bf 76 33 b8 6e 2c bf 75 33 be 74 32 bc 72 30 b3 69 27 b5 6b 29 b1 67 25 b4 69 28 af 65 23 c2 78 36 c0 76 34 bd 74 31 bc 73 30 b3 68 27 be 75 32 c1 77 35 b0 66 24 ae 64 22 c3 79 37 c4 7a 38 be 74 31 b5 6a 29 ad 63 21 ac 62 20 c1 78 36 c5 7b 38 b4 69 27 ad 63 22 b0 66 25 be 75 33 b3 69 28 c4 7b 39 c0 77 35 ad 62 20 ac 62 21 c0 76 33 c4 7c 38 ad 61 20 c1 77 34 b6 6b 29 b5 6b 2a af 64 22 bf 76 34 af 65 24 c2 79 37 bb 72 2f b4 6a 29 bb 71 2e c3 7a 38 bd 74 32 b2 68 27 ba 71 2e c5 7c 38 ac 61 21 b0 65 23 c2 78 35 b9 70 2d b8 6d 2c b1 67 26 b6 6b 2a c3 79 36 b8 6e 2b b1 66 24 b2 67 25 ad 62 22 c5 7b
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a.m+p.y6x5e$l*g&s1w4q/h&j(f%o-v3n,u3t2r0i'k)g%i(e#x6v4t1s0h'u2w5f$d"y7z8t1j)c!b x6{8i'c"f%u3i({9w5b b!v3|8a w4k)k*d"v4e$y7r/j)q.z8t2h'q.|8a!e#x5p-m,g&k*y6n+f$g%b"{
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 f9 04 00 00 00 00 00 2c 00 00 00 00 96 00 2e 00 00 08 ff 00 79 09 1c 48 b0 a0 c1 83 08 13 2a 5c c8 b0 a1 c3 87 10 1d 02 9b 48 b1 a2 c5 8b 18 33 6a dc c8 b1 a3 c7 8f 20 43 86 74 61 05 d8 0c 14 28 80 41 31 89 52 e5 0c 95 c0 ac 0c 01 36 64 88 8b 9a 28 ac cc 98 31 d3 a5 8b 89 33 6e aa 24 69 05 65 cf 21 50 5c a4 fc 05 e5 d7 af 99 25 a1 d2 84 89 12 8a cc 94 31 81 02 73 01 65 e5 c4 21 45 51 04 ed 39 d1 4a c9 a7 14 51 fc 7c 09 65 86 15 92 c0 72 66 a5 59 94
                                                                                                                                                                                                                                                                                      Data Ascii: !,.yH*\H3j Cta(A1R6d(13n$ie!P\%1se!EQ9JQ|erfY
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1369INData Raw: 02 3a cc d2 96 9f b4 65 2b 23 a0 01 20 8c 00 08 11 18 c1 08 22 40 4f 20 c0 b3 9d f3 ac e7 3b 35 20 ff 4f 79 46 00 08 ed 8c e7 3e e3 79 cf 79 ce 13 9e 23 d0 40 40 d9 49 cf 86 fe 33 9f fe 24 28 3f f9 29 cf 76 f2 93 a0 f3 c4 67 3c d9 89 d0 77 66 14 a0 0d 4d e8 47 df 49 4f 88 1e 94 9d 09 75 e7 46 e5 09 4f 78 96 14 a2 ee 7c e7 01 66 3a 53 85 1e 40 03 35 9d 29 1a 34 80 86 03 70 61 a6 5c d8 e9 01 7a 4a 53 9b 6a a0 11 37 ad 29 4e 69 fa d3 a4 1e 35 a7 3f 45 ea 52 69 ca 54 a2 2e 75 aa 49 2d aa 4f 9d aa 55 34 d4 a2 11 8d 30 2a 4e c7 aa d0 a6 d2 74 03 3b b5 2a 52 b9 b0 d4 9d 36 95 a8 54 1d eb 01 1a c1 05 2e 48 00 16 68 95 c0 06 f4 ba 01 bb 4a 40 af 7f dd 2b 5f d1 5a 57 b4 6e 60 af 7a d0 ab 1f 0e eb 87 bf ea 61 af 3f 0d ec 61 25 c0 85 0d e8 e1 b1 7f 05 ec 01 02 2b 81
                                                                                                                                                                                                                                                                                      Data Ascii: :e+# "@O ;5 OyF>yy#@@I3$(?)vg<wfMGIOuFOx|f:S@5)4pa\zJSj7)Ni5?ERiT.uI-OU40*Nt;*R6T.HhJ@+_ZWn`za?a%+
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1369INData Raw: 02 7f 38 87 7b 48 02 5a f0 87 9f f8 86 81 e8 87 16 b0 00 0b d0 03 c0 88 09 c2 38 8c 5a b0 00 bf d8 03 16 f0 8b cb 88 09 c8 d8 03 ca 18 8c c0 38 8c d3 08 8c cc 28 8c a8 00 8d c1 68 01 c7 38 8d dc c8 8c dd f8 8b d5 88 8c e1 58 8c 16 80 09 bf 78 8c cb e8 8d c9 18 8e e2 28 8c dc b8 00 a8 80 8c 16 30 8f d5 68 8e e1 78 8f f1 c8 8c d5 a8 05 c7 58 8c d2 78 8c 13 30 90 29 60 01 03 39 01 29 d0 02 07 69 01 2d 50 90 0d 39 90 16 90 90 11 d9 02 06 49 91 08 a9 90 29 70 90 19 59 91 0d c9 90 15 99 02 20 89 91 0a 89 90 17 d9 02 0d 99 90 26 19 91 09 e9 90 06 49 90 cb 48 92 08 f9 92 0c f9 90 19 99 92 03 49 91 05 ff 29 91 2b 49 91 3c 89 91 35 c9 93 11 19 93 31 69 90 20 89 92 1b d9 91 41 c0 01 1c 30 90 41 a0 00 4a 99 94 49 a9 94 13 20 95 72 c0 01 51 99 94 85 e0 94 99 10 04 72
                                                                                                                                                                                                                                                                                      Data Ascii: 8{HZ8Z8(h8Xx(0hxXx0)`9)i-P9I)pY &IHI)+I<51i A0AJI rQr
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC410INData Raw: f0 04 61 c0 be fb 5b c4 46 ec be ed 6b c4 2e cc bf 45 4c c4 fb 1b c0 4a 9c c4 fb ab bf 43 5c c4 48 7c c4 ef db c4 51 4c c4 35 ec c4 fb 7b c5 5b 2c c5 56 dc be 48 5c bf 5e 3c c6 52 ac bf fb 2b c1 59 fc be fa cb be 60 2c c4 5f ec be 30 60 02 57 10 03 bd 60 02 bd 00 03 31 40 04 7b dc 0b 57 b0 c7 7c 0c 03 57 60 02 78 6c 02 34 10 03 30 ff b0 c8 bd 40 04 34 00 03 79 ec c8 34 b0 bf 44 10 c8 77 4c 03 44 10 0c 26 c0 c7 44 50 c7 fb 3b c8 80 fc c8 7b 7c c7 9e 6c 02 7a ac c7 c1 10 03 86 ac c4 57 40 03 8f 8c c7 7b dc c7 57 d0 c9 8a 0c c9 57 70 cb 44 a0 c7 9e 1c c9 99 8c c7 31 10 c8 8a 9c c8 93 1c 03 93 bc bf c1 40 c8 7b ec c8 75 4c 04 be bc c7 88 ac c8 57 10 0c 95 ec c8 b9 1c 0c 89 9c c7 c1 90 cd 88 dc 0b d6 dc cd 26 90 cb c6 9c cd da 9c ca d6 6c 02 d2 9c cd ad 4c 03
                                                                                                                                                                                                                                                                                      Data Ascii: a[Fk.ELJC\H|QL5{[,VH\^<R+Y`,_0`W`1@{W|W`xl40@4y4DwLD&DP;{|lzW@{WWpD1@{uLW&lL


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      64192.168.2.849845104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC869OUTGET /sites/all/themes/freshmade/img/footer-wrapper.gif HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/sites/all/themes/freshmade/style.css?s7978o
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC695INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:20 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Content-Length: 3177
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:50:20 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 20 Oct 2024 20:13:03 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 1477697
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZOA12j7YqNnBUmK%2Fkicv7gsWv7ZzPX8KFxSaiOFkcBwWQL81r0gItW%2BEhuIr%2FhClg6z71qJpHRZC52lycr14neZIQZXC0sZ4as8Tfjrbq9DCEZbFx7YD1nOR2BebSJnvU%2FpKU77BkJ3equ%2B60A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165e4bb321839-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC674INData Raw: 47 49 46 38 39 61 e8 03 96 00 c4 1a 00 a6 a6 a6 a4 a4 a4 a7 a7 a7 a2 a2 a2 a8 a8 a8 a0 a0 a0 9e 9e 9e 9c 9c 9c 98 98 98 9b 9b 9b 9f 9f 9f 96 96 96 94 94 94 92 92 92 90 90 90 9a 9a 9a 99 99 99 a9 a9 a9 a5 a5 a5 a3 a3 a3 9d 9d 9d a1 a1 a1 97 97 97 95 95 95 93 93 93 91 91 91 ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 1a 00 2c 00 00 00 00 e8 03 96 00 00 05 ff 20 21 08 00 10 04 c3 50 28 c6 91 40 c8 c2 34 8e 66 df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf 42 47 83 b1 40 40 12 07 83 a2 90 3a 95 46 04 11 c9 84 52 b1 5c 30 19 0d cc ef fb ff 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 43 62 64 66 68 6a 6c 03 6e 00 70 72 25 27 29 2b 2d 2f 31 33 35 8d a3 a4 a5 a6 a7 a8 a9 aa ab ac ad
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a!, !P(@4fx|pH,rl:tJZvzBG@@:FR\0Cbdfhjlnpr%')+-/135
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1369INData Raw: 68 62 14 21 8e d7 de 89 2c b6 e8 22 10 29 b2 67 df 8b 34 d6 d8 62 8c f5 d9 a8 e3 8e 27 e2 e8 1f 8f 40 06 59 a1 8f d2 09 69 e4 91 fa 11 69 20 92 4c 36 59 9e 92 1b 3a 29 e5 94 cc 41 39 22 95 58 66 79 9b 95 2b 6a e9 e5 97 a1 71 39 23 98 64 96 99 98 98 66 a6 a9 26 62 68 ae e9 e6 9b 6e b5 09 e7 9c 74 a6 c7 e0 33 25 c9 65 9c 86 57 d6 e9 e7 9f 33 c9 09 e8 a0 84 ba 24 68 a1 88 26 fa d0 a1 8a 36 ea 28 3e 8c 3e 2a e9 a4 e1 44 4a e9 a5 98 26 63 69 a6 9c 76 da ca a6 9e 86 2a 2a 86 77 9e 63 13 60 bb f5 57 e4 a8 ac b6 ba 4f a9 0e 5a 05 db 7a 39 ba 6a eb ad e5 c0 2a 11 59 a5 d1 f7 23 ae c0 06 fb 05 a8 c2 16 6b ac 13 c4 1e ab ec b2 44 24 cb ec b3 d0 ea e0 6c b4 d4 3e 3b 6d ff b5 d8 1a 7b 6d b6 dc e2 ba 6d b7 e0 b2 fa 6d b8 e4 76 3a 6e b9 e8 52 7a 6e ba ec 36 ba 6e bb f0
                                                                                                                                                                                                                                                                                      Data Ascii: hb!,")g4b'@Yii L6Y:)A9"Xfy+jq9#df&bhnt3%eW3$h&6(>>*DJ&civ**wc`WOZz9j*Y#kD$l>;m{mmmv:nRzn6n
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1134INData Raw: c8 e8 6a e1 db 5a 67 ce b7 a0 f5 1d 22 5b 13 30 5b da ba 75 bf 40 0e b2 90 87 4c e4 22 1b f9 c8 48 4e b2 92 97 cc e4 26 3b f9 c9 50 8e b2 94 a7 4c e5 2a 5b f9 ca 58 ce b2 96 b7 cc e5 2e 7b f9 cb 60 0e b3 98 c7 4c e6 32 9b 99 ca e8 05 6b 8b d9 0a 4b 18 8f 35 9b ee 35 ab 9c a9 81 47 67 7a 14 c7 39 d6 f1 7d 7b cc e2 3e fb f9 cf 80 0e b4 a0 07 4d e8 42 1b fa d0 88 4e b4 a2 17 cd e8 46 3b fa d1 90 8e ff b4 a4 27 4d e9 4a 5b fa d2 98 ce b4 a6 37 cd e9 4e 7b fa d3 a0 0e b5 a8 47 4d ea 49 f3 d8 b4 0b 7c b1 02 d6 e0 cf 09 34 34 ce 72 36 2b 9d eb 7c 82 88 16 b4 13 06 30 5f 6c d9 cc e6 53 fb fa d7 c0 0e b6 b0 87 4d ec 62 1b fb d8 c8 4e b6 b2 97 cd ec 66 3b fb d9 d0 8e b6 b4 a7 4d ed 6a 5b fb da d8 ce b6 b6 b7 cd ed 6e 7b fb db e0 0e b7 b8 c7 4d 6e 68 f3 9a ad b1 7d
                                                                                                                                                                                                                                                                                      Data Ascii: jZg"[0[u@L"HN&;PL*[X.{`L2kK55Ggz9}{>MBNF;'MJ[7N{GMI|44r6+|0_lSMbNf;Mj[n{Mnh}


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      65192.168.2.849844104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC574OUTGET /sites/all/modules/languageicons/flags/ru.png HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC686INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:20 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/png
                                                                                                                                                                                                                                                                                      Content-Length: 121
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Tue, 28 Oct 2014 12:45:43 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 20 Oct 2024 20:13:03 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 1477697
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wtmLAZB8N0ODDXqoCJLxt2BYT4rAdxwefsaBvcVO2Gf9Kr9165jc6RC8uc2pNHTuLNZq9XzY2pTl7zVJxLIveZiJNu6klwPVpegCkRra1%2Fku1sRNfipHABLyQ8s60XlaDIKTUZoB6azQNkrxaA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165e4df79433e-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC121INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 12 00 00 00 0c 02 03 00 00 00 12 7c 05 2f 00 00 00 09 50 4c 54 45 00 00 ff ff 00 00 ff ff ff f5 2f 2e 2e 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 16 49 44 41 54 08 5b 63 58 05 04 0b 18 30 49 5c 20 14 08 02 30 49 00 63 2d 13 b1 4e 81 eb 9a 00 00 00 00 49 45 4e 44 ae 42 60 82
                                                                                                                                                                                                                                                                                      Data Ascii: PNGIHDR|/PLTE/..pHYsIDAT[cX0I\ 0Ic-NIENDB`


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      66192.168.2.849846104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC574OUTGET /sites/all/modules/languageicons/flags/en.png HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC694INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:20 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/png
                                                                                                                                                                                                                                                                                      Content-Length: 210
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Tue, 28 Oct 2014 12:45:43 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:43 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183137
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xsCJU2NWK%2BPBGNmzyteXNikJPJKxrnu77v%2B52tS7nu4OjUAEHlAAXYfZu%2BAq6E9Ea%2B7ySqkqCrVU8%2F8w5UCMu5iNYaaadf6IFqJOFYLslrDDMWsDBRsQU5ooLadRlFlkHcaIx0n56cH865FT7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165e53c1e177c-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC210INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 0c 04 03 00 00 00 8a 1e 60 46 00 00 00 27 50 4c 54 45 00 24 7d 1d 3d 8c 26 45 91 cf 14 2b db 50 62 de 66 76 a0 90 b2 ed a7 af cb c2 d5 f3 c5 ca f5 d0 d5 f7 d6 da fc f1 f3 ff cd 76 26 00 00 00 04 67 49 46 67 00 00 00 0a 7c 59 ed 53 00 00 00 56 49 44 41 54 08 d7 63 f0 3c a1 c0 c0 b0 d9 9a 81 81 31 d5 93 21 15 c4 03 72 80 ec 13 60 42 61 b3 35 98 02 4b 9f d8 6c 0d 61 af 02 81 62 73 30 c5 60 8c 04 50 39 28 ca 18 98 7a a6 84 6d b6 06 12 02 10 b6 c0 66 6b 30 c5 00 26 80 96 82 78 0c 60 69 90 73 80 3c 00 f5 b6 31 25 09 2a 1b 73 00 00 00 00 49 45 4e 44 ae 42 60 82
                                                                                                                                                                                                                                                                                      Data Ascii: PNGIHDR`F'PLTE$}=&E+Pbfvv&gIFg|YSVIDATc<1!r`Ba5Klabs0`P9(zmfk0&x`is<1%*sIENDB`


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      67192.168.2.849847104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC580OUTGET /sites/all/themes/freshmade/img/content-wrapper.gif HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC693INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:20 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Content-Length: 1401
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:50:17 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:43 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183137
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vf23qmqKozRQ57m9vSdIPQI92Os9Xu4x8cd9DwxXzA5djb1f3S%2B95rR0blDUw2kdot%2B6ftCLLmwBtu%2Btyiyzf0U2CfY0AluhpvwhaQ%2FIo18zLkWQgawvvDEy9fnOmIhd0gES3drUDxGC56sH3w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165e6a9605e68-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC676INData Raw: 47 49 46 38 39 61 e8 03 96 00 c4 00 00 f3 f3 f3 f1 f1 f1 ee ee ee df df df e4 e4 e4 dd dd dd f4 f4 f4 d2 d2 d2 ef ef ef ec ec ec e8 e8 e8 e2 e2 e2 e6 e6 e6 d5 d5 d5 eb eb eb e9 e9 e9 d8 d8 d8 db db db ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 f9 04 00 00 00 00 00 2c 00 00 00 00 e8 03 96 00 00 05 ff a0 01 00 41 80 08 89 f3 28 0c b1 0c 45 04 35 87 64 df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf c2 43 03 12 29 0c 16 04 86 e2 e1 48 08 10 a5 91 41 44 32 a1 54 2c 17 4c 46 03 fb ff 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 43 62 64 66 68 6a 6c 6e 70 01 72 74 25 27 29 2b 2d 2f 31 33 35 8f a5 a6 a7 a8 a9 aa ab ac ad
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a!,A(E5dx|pH,rl:tJZvzC)HAD2T,LFCbdfhjlnprt%')+-/135
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC725INData Raw: 7b f6 95 a8 e2 8a 2c 4a 71 62 7d ff b5 28 e3 8c 34 06 f1 a2 7f 08 d6 a8 e3 8e 34 de 78 60 84 3c 06 29 a4 88 3e 42 38 e4 91 48 72 58 e4 76 49 36 e9 64 82 4b 66 f8 e4 94 54 be 17 65 88 55 66 a9 a5 75 57 a6 b8 e5 97 60 02 d7 65 8c 61 96 69 a6 69 63 e6 78 e6 9a 6c 3a 96 26 90 6d c6 29 27 5f 6f ce 69 e7 9d 71 d5 89 e7 9e 7c 7e a5 67 9f 80 06 4a d4 9f 82 16 6a 28 4c 84 1e aa e8 a2 11 25 ca e8 a3 90 ee e3 68 a4 94 56 da 20 6d ea e0 14 99 78 28 92 69 e9 a7 a0 2e 33 69 a8 a4 96 0a cb a8 a6 a6 aa aa 87 98 d6 85 d5 70 0f 32 b9 ea ac b4 3a 82 6a ad b8 e6 ea c7 ad ba f6 ea eb 15 bc fe 2a ec b0 82 b5 4a 91 59 ce 19 68 24 b1 cc 36 eb 44 b0 ce 46 2b ad 0e d0 4e 6b 6d ff b4 d5 5e ab ed b0 d9 6e eb ad ae dd 7e 2b ee ac e1 8e 6b 6e a9 e5 9e ab ae a5 e9 ae eb ee a3 ed be 2b
                                                                                                                                                                                                                                                                                      Data Ascii: {,Jqb}(44x`<)>B8HrXvI6dKfTeUfuW`eaiicxl:&m)'_oiq|~gJj(L%hV mx(i.3ip2:j*JYh$6DF+Nkm^n~+kn+


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      68192.168.2.849848104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC585OUTGET /sites/all/themes/freshmade/img/navigation-wrapper-2.gif HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC690INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:20 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Content-Length: 3065
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:50:45 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:41:51 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338369
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kb2GXvgd4meONXuC0bQaJOjTwjwsq5gy%2BSo2JEoZeitGqCs5F7VAFKCpQ0iSuQdizxd23lp6oJ1j0kcd557mFjAC4myEvkUvBzEZOJIBKHl8brP9kq6WVmcu%2BPkgorga%2BelnxUJnqRvzPPK5Dw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165e6ae8172b9-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC679INData Raw: 47 49 46 38 39 61 e8 03 2e 00 f7 ff 00 a1 61 29 a5 5d 1f 9d 5a 20 a5 66 2d a2 60 26 b5 72 34 9e 5c 21 aa 60 20 bf 78 37 98 56 1d 9a 57 1e ac 62 22 a7 60 22 f2 9a 4c b0 66 25 a0 5e 24 be 76 34 bb 74 33 b5 6c 2a a1 5b 1e bc 76 36 ae 64 24 ad 66 27 bb 7a 42 b9 73 33 ba 72 30 cb 85 48 a6 5e 20 c1 72 2a b9 70 2f b8 6e 2d ba 74 34 b4 6c 2c ae 66 26 c3 7b 38 bc 73 31 b4 71 32 a1 5c 1f b1 6a 2c b0 68 28 b4 6f 30 be 78 37 aa 6a 30 b6 6f 2d a3 5c 1f b8 70 30 ae 68 2a b1 6a 2a ac 6a 2e b7 6e 2c b0 67 26 a8 62 24 b4 6a 29 b2 68 28 b6 70 30 9f 5a 1e da 8a 45 d4 86 43 b8 74 35 ba 73 32 b2 6c 2c ae 6c 30 b0 69 2a b0 6e 32 95 54 1c ac 6c 31 ab 64 25 b5 6a 27 a7 5e 1f a8 68 2f b2 6e 31 aa 67 2c a8 67 2c c9 83 47 af 6b 2e d5 8b 4b bc 6e 28 aa 63 24 a5 63 28 ae 6b 2e b2 6d
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a.a)]Z f-`&r4\!` x7VWb"`"Lf%^$v4t3l*[v6d$f'zBs3r0H^ r*p/n-t4l,f&{8s1q2\j,h(o0x7j0o-\p0h*j*j.n,g&b$j)h(p0ZECt5s2l,l0i*n2Tl1d%j'^h/n1g,g,Gk.Kn(c$c(k.m
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1369INData Raw: b3 6b 2a 94 53 1c 9d 5e 26 9c 5b 23 b5 6e 2e ba 76 35 b6 6d 2e b5 72 33 97 58 20 ad 69 2e ab 6c 30 af 69 2b b6 73 35 b1 6e 2f b0 67 27 a7 64 27 a3 5f 23 ac 65 25 94 53 1b 94 54 1b bd 75 33 9d 59 1e 95 55 1d b2 69 29 ae 67 27 aa 63 25 99 5a 22 ab 61 21 97 57 20 9d 5d 26 b8 71 31 be 76 33 b8 70 2e ff ff ff 21 f9 04 01 00 00 ff 00 2c 00 00 00 00 e8 03 2e 00 00 08 ff 00 1b 08 14 c8 8d 5b 14 29 52 b2 2d eb e6 ec ca 15 1c 38 72 e4 f8 47 b1 a2 c5 8b 18 33 6a dc c8 b1 a3 c7 8f 20 43 8a 1c 49 b2 a4 c9 93 28 53 aa 5c c9 b2 a5 cb 97 30 63 ca 9c 49 b3 a6 cd 9b 38 73 ea dc c9 b3 27 48 89 10 1d 3a eb b6 2c 1b c2 28 05 07 0a 14 c1 34 58 30 5b 08 d8 b0 29 c6 4a 87 ba 02 d1 52 65 ba 06 ab 8e cf af 60 c3 8a 1d 4b b6 ac d9 b3 68 d3 aa 5d cb b6 ad db b7 21 eb c0 ba 96 29 55
                                                                                                                                                                                                                                                                                      Data Ascii: k*S^&[#n.v5m.r3X i.l0i+s5n/g'd'_#e%STu3YUi)g'c%Z"a!W ]&q1v3p.!,.[)R-8rG3j CI(S\0cI8s'H:,(4X0[)JRe`Kh]!)U
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1017INData Raw: 27 d8 61 98 6a f4 c1 0b e6 b0 4a 67 aa 52 02 73 98 43 3d a6 69 0f 0b 3c 72 96 66 c8 e6 03 22 c1 ff 4d 70 fa f3 9f 00 ed d1 23 22 f1 00 72 16 a2 1d 76 98 c2 14 2c 20 88 13 28 32 9e ed a4 c1 2a eb 41 d1 13 d8 23 16 16 d0 85 2e ec 90 4f 7d fe a2 9f 01 0d a9 48 47 ba 9e 70 10 b4 a0 d3 30 83 1d 34 6a 01 7b 34 f4 04 14 95 28 0d 66 5a 8f 13 9c 80 1d ec 08 81 05 08 a1 0b 30 d8 61 1a 71 70 c7 03 3e 1a 0e 92 1a f5 a8 48 0d 4e 38 1e f1 80 82 c6 61 1a ab 00 03 18 16 1a 02 76 d8 f4 04 34 ad 41 3d 6a 60 53 76 d8 a3 0f 42 10 c2 3d 56 01 09 a0 72 61 a8 e1 d8 43 52 d7 ca d6 b6 52 66 0f 8f f8 c5 03 b8 10 87 38 c8 e2 1e 60 20 04 21 fa 60 8f 10 d8 94 a2 35 e0 ea 09 64 90 d3 9d 0a a1 0b ab 90 05 50 dd c1 85 5f 18 20 1c da 70 ab 64 27 4b 59 b2 e0 23 1c 06 90 ab 3b e2 00 09 59
                                                                                                                                                                                                                                                                                      Data Ascii: 'ajJgRsC=i<rf"Mp#"rv, (2*A#.O}HGp04j{4(fZ0aqp>HN8av4A=j`SvB=VraCRRf8` !`5dP_ pd'KY#;Y


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      69192.168.2.849850104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC584OUTGET /sites/all/libraries/superfish/images/arrows-ffffff.png HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC691INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:20 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/png
                                                                                                                                                                                                                                                                                      Content-Length: 250
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:45:42 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:41:51 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338369
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VxEgvi35Xpeys2TbrAPh0piKT0rATQdqU7aRzpoEbN%2F6VgdsStrE3t9rNtiQfMn0F23AWTw1ykMh0%2BXQ7MAxgD1ZjguiveWBBg%2FCEsYbylTr5yrgGuRXhGZWnOmAYLE%2BXNXTQOFQIn1ITm0lgg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165e6ad06de9b-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC250INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 14 00 00 00 6e 08 06 00 00 00 27 30 33 aa 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 00 9c 49 44 41 54 78 da ec d9 51 0a 80 30 08 80 e1 94 8e b4 fb 9f a0 3b 19 8b 9e 62 9b ce 0a 22 7e 5f 86 43 3f 86 b0 27 c5 cc 96 27 43 2f f9 16 ec b3 28 78 1b d5 4e 71 1a d5 41 71 0a 55 a7 78 1a f5 c0 12 04 25 02 4e 63 23 30 85 f5 c0 34 76 5c be fd 53 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ff 08 ae e7 19 d9 74 d7 ad ae 45 5f 58 02 58 0d 71 ea 44 1b 4d 3d 6c 71 50 69 cd b0 38 79 0f 1d ee e8 4b 70 0c d2 c2 bf bf 01 df 05 18 00 85 2e 17 45 26 fa 51 fe 00 00 00 00 49 45 4e 44 ae 42 60 82
                                                                                                                                                                                                                                                                                      Data Ascii: PNGIHDRn'03tEXtSoftwareAdobe ImageReadyqe<IDATxQ0;b"~_C?''C/(xNqAqUx%Nc#04v\StE_XXqDM=lqPi8yKp.E&QIENDB`


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      70192.168.2.849849104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC571OUTGET /sites/all/themes/freshmade/img/header.gif HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC698INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:20 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Content-Length: 800
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:50:28 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 20 Oct 2024 08:46:47 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 1518873
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H18rcveURjKB52xGb%2Bps1iTz78ojjO3Ag%2FiMi4TUZIcH0BJdgi1gfz5OeIyaxdDHoP%2B99QyVvnIRN5le9KdcnzUXkjG%2B%2BHe5MII%2Fb2b0DuAspUl8jq4bqRiNCQx4ml2yDFPq%2Bot72JoDyWMMpw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165e6afcec340-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC671INData Raw: 47 49 46 38 39 61 96 00 82 00 b3 00 00 27 27 27 29 29 29 2a 2a 2a 2e 2e 2e 2b 2b 2b 28 28 28 2c 2c 2c 2d 2d 2d 30 30 30 2f 2f 2f 31 31 31 32 32 32 33 33 33 00 00 00 00 00 00 00 00 00 21 f9 04 00 00 00 00 00 2c 00 00 00 00 96 00 82 00 00 04 ff 10 c8 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 a1 ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 e8 33 40 ad 5a af d8 ac 76 cb ed 7a bf e0 b0 78 4c 2e 9b cf e8 b4 7a cd 6e bb df f0 b8 7c 4e bf 0a ee f8 bc 7e cf ef fb ff 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9c 04 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c6 06 cb cc cd ce cf d0 d1 d2 d3
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a''')))***...+++(((,,,---000///111222333!,I8`(dihlp,tmx|pH,rl:3@ZvzxL.zn|N~
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC129INData Raw: 29 e4 90 44 16 69 e4 91 48 26 a9 e4 92 4c 36 e9 e4 93 50 46 29 e5 94 54 56 69 e5 95 58 66 a9 e5 96 5c 76 e9 e5 97 60 86 29 e6 98 64 96 69 e6 99 68 a6 a9 e6 9a 6c b6 e9 e6 9b 70 c6 29 e7 9c 74 d6 69 e7 9d 78 e6 a9 e7 9e 7c f6 e9 e7 9f 80 06 2a e8 a0 84 16 6a e8 a1 88 26 aa e8 a2 8c 36 ea e8 a3 90 46 2a e9 a4 94 56 6a e9 a5 98 66 aa e9 a6 9c 76 ea e9 a7 a0 86 2a ea a8 a4 5e 19 01 00 3b
                                                                                                                                                                                                                                                                                      Data Ascii: )DiH&L6PF)TViXf\v`)dihlp)tix|*j&6F*Vjfv*^;


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      71192.168.2.849851157.240.26.27443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC645OUTGET /v/t39.30808-6/303280254_411128561164160_6605626465690304584_n.jpg?stp=dst-jpg_s526x395&_nc_cat=106&ccb=1-7&_nc_sid=4cb600&_nc_ohc=1I2yrbFI2LYQ7kNvgEsGWmR&_nc_ht=scontent-msp1-1.xx&edm=AEDRbFQEAAAA&_nc_gid=A4syIzp1y9Bx-a7cihdwta0&oh=00_AYCdJGOufY8qZigevwZ9U0PHjEqRvLbmQ_sPWeanTh1Z5w&oe=670A27D3 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: scontent-msp1-1.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC581INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      x-additional-error-detail:
                                                                                                                                                                                                                                                                                      Last-Modified: Sat, 10 Sep 2022 00:32:13 GMT
                                                                                                                                                                                                                                                                                      X-Needle-Checksum: 961577928
                                                                                                                                                                                                                                                                                      Content-Type: image/jpeg
                                                                                                                                                                                                                                                                                      content-digest: adler32=4133468394
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=1209600, no-transform
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:20 GMT
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=30, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 15587
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1INData Raw: ff
                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC15586INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 36 66 30 31 30 30 30 30 32 63 30 38 30 30 30 30 33 39 30 66 30 30 30 30 31 65 31 30 30 30 30 30 32 39 31 31 30 30 30 30 65 36 31 38 30 30 30 30 33 38 32 33 30 30 30 30 64 61 32 35 30 30 30 30 63 35 32 36 30 30 30 30 63 65 32 37 30 30 30 30 65 33 33 63 30 30 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                                                                                                                                                                                                                                                      Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a6f0100002c080000390f00001e10000029110000e618000038230000da250000c5260000ce270000e33c0000C%# , #&')*)-0-(0%()(C(((((((((((((((


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      72192.168.2.849852157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC581OUTGET /rsrc.php/v3/yF/r/p55HfXW__mM.js HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.facebook.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1942INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: dZ324YE0DvCnahurRX67Ig==
                                                                                                                                                                                                                                                                                      Expires: Sun, 05 Oct 2025 01:46:31 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: Lc9aKHID+FGFYLKiWy7K8EebGF9KDsQOunEDuz7REuG955n6YXOGyUBDwD3PYqqk8KOfl018+QRg6rxtB/0gbw==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:20 GMT
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=84, rtx=0, c=14, mss=1392, tbw=3409, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 507
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1INData Raw: 3b
                                                                                                                                                                                                                                                                                      Data Ascii: ;
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC506INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 2f 2a 2a 0a 20 2a 20 4c 69 63 65 6e 73 65 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 6c 65 67 61 6c 2f 6c 69 63 65 6e 73 65 2f 56 39 76 64 59 43 6f 6c 63 34 6b 2f 0a 20 2a 2f 0a 5f 5f 64 28 22 72 65 61 63 74 2d 30 2e 30 2e 30 22 2c 5b 22 52 65 61 63 74 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 61 28 61 29 7b 72 65 74 75 72 6e 20 61 26 26 74 79 70 65 6f 66 20 61 3d 3d 3d 22 6f 62 6a 65 63 74 22 26 26 22 64 65 66 61 75 6c 74 22 69 6e 20 61 3f 61 5b 22 64 65 66 61 75 6c 74 22 5d 3a 61 7d 76 61 72 20 67 3d 61 28 62 28 22 52 65 61 63 74 22 29 29 3b 64 3d 7b 7d 3b 76 61
                                                                                                                                                                                                                                                                                      Data Ascii: /*FB_PKG_DELIM*//** * License: https://www.facebook.com/legal/license/V9vdYColc4k/ */__d("react-0.0.0",["React"],(function(a,b,c,d,e,f){"use strict";function a(a){return a&&typeof a==="object"&&"default"in a?a["default"]:a}var g=a(b("React"));d={};va


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      73192.168.2.849854157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC374OUTGET /rsrc.php/v3/y3/r/Vvet8_5H-wT.js HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1929INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                      Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: k4hf2pugwnbPFbr0OAwJhw==
                                                                                                                                                                                                                                                                                      Expires: Sat, 04 Oct 2025 09:08:25 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: hNoriPskVX2pAvqnnS550N7ah0KHBdAwcRMs4mlj8tPYtvaehejFkqiuco7L3I6mrx2OoRViDjmkQajFjjjqfA==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:20 GMT
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=84, rtx=0, c=14, mss=1392, tbw=3408, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 7219
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC1INData Raw: 3b
                                                                                                                                                                                                                                                                                      Data Ascii: ;
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC7218INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 42 61 6e 7a 61 69 22 2c 5b 22 63 72 3a 37 33 38 33 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 62 28 22 63 72 3a 37 33 38 33 22 29 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 45 76 65 6e 74 45 6d 69 74 74 65 72 57 69 74 68 56 61 6c 69 64 61 74 69 6f 6e 22 2c 5b 22 42 61 73 65 45 76 65 6e 74 45 6d 69 74 74 65 72 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 62 61 62 65 6c 48 65 6c 70 65 72 73 2e 69 6e 68 65 72 69 74 73 4c 6f 6f 73 65 28 62 2c 61 29 3b 66 75 6e 63 74 69 6f 6e 20 62 28 62 2c 63 29 7b 76 61
                                                                                                                                                                                                                                                                                      Data Ascii: /*FB_PKG_DELIM*/__d("Banzai",["cr:7383"],(function(a,b,c,d,e,f,g){g["default"]=b("cr:7383")}),98);__d("EventEmitterWithValidation",["BaseEventEmitter"],(function(a,b,c,d,e,f){"use strict";a=function(a){babelHelpers.inheritsLoose(b,a);function b(b,c){va


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      74192.168.2.849856157.240.26.27443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:20 UTC883OUTGET /v/t39.30808-1/305658665_411128564497493_3948090867100769521_n.jpg?stp=cp0_dst-jpg_s50x50&_nc_cat=110&ccb=1-7&_nc_sid=6738e8&_nc_ohc=ILFttH4rPpYQ7kNvgEXQC67&_nc_ht=scontent-msp1-1.xx&edm=AEDRbFQEAAAA&_nc_gid=A4syIzp1y9Bx-a7cihdwta0&oh=00_AYA9WCkZOMo01cK7VhGgG8y9efecxW6MGJWI6xwYX39svg&oe=670A2166 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: scontent-msp1-1.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.facebook.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC580INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      x-additional-error-detail:
                                                                                                                                                                                                                                                                                      Last-Modified: Sat, 10 Sep 2022 00:32:13 GMT
                                                                                                                                                                                                                                                                                      X-Needle-Checksum: 945752733
                                                                                                                                                                                                                                                                                      Content-Type: image/jpeg
                                                                                                                                                                                                                                                                                      content-digest: adler32=3505093760
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=1209600, no-transform
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:21 GMT
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=30, rtx=0, c=14, mss=1392, tbw=3409, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 1280
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1INData Raw: ff
                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1279INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 36 61 30 31 30 30 30 30 63 36 30 31 30 30 30 30 33 61 30 32 30 30 30 30 36 30 30 32 30 30 30 30 39 61 30 32 30 30 30 30 32 62 30 33 30 30 30 30 61 61 30 33 30 30 30 30 65 30 30 33 30 30 30 30 30 62 30 34 30 30 30 30 34 32 30 34 30 30 30 30 30 30 30 35 30 30 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                                                                                                                                                                                                                                                      Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a6a010000c60100003a020000600200009a0200002b030000aa030000e00300000b0400004204000000050000C%# , #&')*)-0-(0%()(C(((((((((((((((


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      75192.168.2.849857157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC385OUTGET /rsrc.php/v3issO4/yc/l/en_US/YYUppJnv9Es.js HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1931INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                      Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: BqvU7Gp2bgoXfv1YA//mvw==
                                                                                                                                                                                                                                                                                      Expires: Mon, 06 Oct 2025 09:29:15 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: Ut+3XEA/DawYEAj47PtFvZBL1Ay3zXSv8mDzb8gdJQGSXobVXK0P2FKuMWEQ8z719yEaTAL1omcbosNi+lgqWA==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:21 GMT
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=84, rtx=0, c=14, mss=1392, tbw=3409, tp=-1, tpl=-1, uplat=19, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 33942
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1INData Raw: 3b
                                                                                                                                                                                                                                                                                      Data Ascii: ;
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC15861INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 4d 61 6e 61 67 65 64 45 72 72 6f 72 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 62 61 62 65 6c 48 65 6c 70 65 72 73 2e 69 6e 68 65 72 69 74 73 4c 6f 6f 73 65 28 62 2c 61 29 3b 66 75 6e 63 74 69 6f 6e 20 62 28 62 2c 63 29 7b 76 61 72 20 64 3b 64 3d 61 2e 63 61 6c 6c 28 74 68 69 73 2c 62 21 3d 3d 6e 75 6c 6c 26 26 62 21 3d 3d 76 6f 69 64 20 30 3f 62 3a 22 22 29 7c 7c 74 68 69 73 3b 62 21 3d 3d 6e 75 6c 6c 26 26 62 21 3d 3d 76 6f 69 64 20 30 3f 64 2e 6d 65 73 73 61 67 65 3d 62 3a 64 2e 6d 65 73 73 61 67 65 3d 22 22 3b 64 2e 69 6e 6e 65 72 45 72 72 6f 72 3d 63 3b 72 65 74 75 72 6e 20 64 7d 72 65 74 75 72 6e 20
                                                                                                                                                                                                                                                                                      Data Ascii: /*FB_PKG_DELIM*/__d("ManagedError",[],(function(a,b,c,d,e,f){a=function(a){babelHelpers.inheritsLoose(b,a);function b(b,c){var d;d=a.call(this,b!==null&&b!==void 0?b:"")||this;b!==null&&b!==void 0?d.message=b:d.message="";d.innerError=c;return d}return
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC16384INData Raw: 63 2c 65 3d 62 2e 67 65 74 51 75 65 75 65 4e 61 6d 65 53 75 66 66 69 78 28 29 2c 66 3d 24 28 65 29 3b 77 68 69 6c 65 28 63 3d 62 2e 64 65 71 75 65 75 65 49 74 65 6d 28 29 29 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 76 61 72 20 67 3d 63 2e 69 74 65 6d 3b 5a 28 67 29 3f 28 64 28 22 46 61 6c 63 6f 55 74 69 6c 73 22 29 2e 62 75 6d 70 4f 44 53 4d 65 74 72 69 63 73 28 63 2e 69 74 65 6d 2e 6e 61 6d 65 2c 22 65 76 65 6e 74 2e 69 6e 66 6f 2e 75 70 6c 6f 61 64 5f 6d 65 74 68 6f 64 2e 73 74 72 65 61 6d 69 6e 67 2e 6c 6f 67 5f 63 72 69 74 69 63 61 6c 22 2c 31 29 2c 59 28 29 2c 67 2e 6c 6f 67 43 72 69 74 69 63 61 6c 3d 21 30 2c 21 46 3f 28 66 26 26 28 67 2e 69 64 65 6e 74 69 74 79 3d 66 29 2c 4f 28 5b 5b 62 2c 63 5d 5d 2c 22 65 76 65 6e 74 2e 6e 6f 6e 5f 63 72 69 74 69
                                                                                                                                                                                                                                                                                      Data Ascii: c,e=b.getQueueNameSuffix(),f=$(e);while(c=b.dequeueItem())(function(c){var g=c.item;Z(g)?(d("FalcoUtils").bumpODSMetrics(c.item.name,"event.info.upload_method.streaming.log_critical",1),Y(),g.logCritical=!0,!F?(f&&(g.identity=f),O([[b,c]],"event.non_criti
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1696INData Raw: 6e 74 22 29 7d 63 61 74 63 68 28 61 29 7b 7d 7d 7d 3b 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6d 65 73 73 61 67 65 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 64 28 22 4c 6f 67 22 29 2e 64 65 62 75 67 28 22 50 6c 75 67 69 6e 58 44 52 65 61 64 79 20 61 74 20 22 2b 77 69 6e 64 6f 77 2e 6e 61 6d 65 2b 22 20 72 65 63 65 69 76 65 64 20 6d 65 73 73 61 67 65 20 22 2b 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 61 2e 64 61 74 61 2e 6d 65 73 73 61 67 65 29 29 3b 69 66 28 61 2e 64 61 74 61 2e 78 64 41 72 62 69 74 65 72 53 79 6e 29 64 28 22 53 65 63 75 72 65 50 6f 73 74 4d 65 73 73 61 67 65 22 29 2e 73 65 6e 64 4d 65 73 73 61 67 65 41 6c 6c 6f 77 41 6e 79 4f 72 69 67 69 6e 5f 55 4e 53 41 46 45 28 61 2e 73 6f 75 72 63 65 2c 7b 78 64
                                                                                                                                                                                                                                                                                      Data Ascii: nt")}catch(a){}}};window.addEventListener("message",function(a){d("Log").debug("PluginXDReady at "+window.name+" received message "+JSON.stringify(a.data.message));if(a.data.xdArbiterSyn)d("SecurePostMessage").sendMessageAllowAnyOrigin_UNSAFE(a.source,{xd


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      76192.168.2.849858157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC374OUTGET /rsrc.php/v3/yV/r/fZu5tZNIUeX.js HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1930INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                      Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: ZSGFUSoLppfnG954VG7ryg==
                                                                                                                                                                                                                                                                                      Expires: Sat, 04 Oct 2025 09:08:25 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: Is1Nt3CUILsfIlz2LwRjRGEMOJTKx797fQxpROH5T5CKw7vGfDHY1UVIyv/P942yOQEQt3unMa08qeotaqGbIQ==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:21 GMT
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=84, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=3, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 30864
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1INData Raw: 3b
                                                                                                                                                                                                                                                                                      Data Ascii: ;
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC15873INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 42 61 6e 7a 61 69 4c 6f 67 67 65 72 22 2c 5b 22 63 72 3a 39 39 38 39 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 61 29 7b 72 65 74 75 72 6e 7b 6c 6f 67 3a 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 62 28 22 63 72 3a 39 39 38 39 22 29 2e 70 6f 73 74 28 22 6c 6f 67 67 65 72 3a 22 2b 63 2c 64 2c 61 29 7d 2c 63 72 65 61 74 65 3a 68 7d 7d 61 3d 68 28 29 3b 63 3d 61 3b 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 63 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 42 65 68 61 76 69 6f 72 73 4d 69 78 69 6e 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 76 61 72 20 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b
                                                                                                                                                                                                                                                                                      Data Ascii: /*FB_PKG_DELIM*/__d("BanzaiLogger",["cr:9989"],(function(a,b,c,d,e,f,g){function h(a){return{log:function(c,d){b("cr:9989").post("logger:"+c,d,a)},create:h}}a=h();c=a;g["default"]=c}),98);__d("BehaviorsMixin",[],(function(a,b,c,d,e,f){var g=function(){
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC14990INData Raw: 42 4c 6f 67 67 65 72 22 29 28 22 6c 61 79 65 72 22 29 2e 77 61 72 6e 28 22 4e 6f 20 72 6f 6f 74 20 6e 6f 64 65 20 66 6f 72 20 74 68 69 73 20 4c 61 79 65 72 2e 20 49 74 20 68 61 73 20 65 69 74 68 65 72 20 6e 6f 74 20 79 65 74 20 62 65 65 6e 20 73 65 74 20 6f 72 20 74 68 65 20 4c 61 79 65 72 20 68 61 73 20 62 65 65 6e 20 64 65 73 74 72 6f 79 65 64 2e 20 20 54 68 69 73 20 6c 61 79 65 72 20 68 61 73 20 62 65 65 6e 20 64 65 73 74 72 6f 79 65 64 2e 22 29 3a 63 28 22 46 42 4c 6f 67 67 65 72 22 29 28 22 6c 61 79 65 72 22 29 2e 77 61 72 6e 28 22 4e 6f 20 72 6f 6f 74 20 6e 6f 64 65 20 66 6f 72 20 74 68 69 73 20 4c 61 79 65 72 2e 20 49 74 20 68 61 73 20 70 72 6f 62 61 62 6c 79 20 6e 6f 74 20 62 65 65 6e 20 73 65 74 2e 22 29 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e
                                                                                                                                                                                                                                                                                      Data Ascii: BLogger")("layer").warn("No root node for this Layer. It has either not yet been set or the Layer has been destroyed. This layer has been destroyed."):c("FBLogger")("layer").warn("No root node for this Layer. It has probably not been set."));return this.


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                      77192.168.2.849864157.240.251.9443
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC385OUTGET /rsrc.php/v3i7M54/yL/l/en_US/xKY8pb0-fD_.js HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1931INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                      Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: JvsytMTn6YXqW6R29QBm2g==
                                                                                                                                                                                                                                                                                      Expires: Mon, 06 Oct 2025 09:29:15 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: t3RfrcXhxwq3MLesREqXv1sxVXE5QgBmhsYFDKT72dBgy4WiZ6tb8WKqKb4gMJ4IQurU+YzwYra7t1E8MnTGCg==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:21 GMT
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=84, rtx=0, c=14, mss=1392, tbw=3408, tp=-1, tpl=-1, uplat=3, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 156474
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1INData Raw: 3b
                                                                                                                                                                                                                                                                                      Data Ascii: ;
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC15859INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 41 72 62 69 74 65 72 46 72 61 6d 65 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 61 3d 7b 69 6e 66 6f 72 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 70 61 72 65 6e 74 2e 66 72 61 6d 65 73 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3b 62 2e 63 72 6f 73 73 46 72 61 6d 65 3d 21 30 3b 66 6f 72 28 76 61 72 20 67 3d 30 3b 67 3c 65 3b 67 2b 2b 29 7b 66 3d 64 5b 67 5d 3b 74 72 79 7b 69 66 28 21 66 7c 7c 66 3d 3d 77 69 6e 64 6f 77 29 63 6f 6e 74 69 6e 75 65 3b 66 2e 72 65 71 75 69 72 65 3f 66 2e 72 65 71 75 69 72 65 28 22 41 72 62 69 74 65 72 22 29 2e 69 6e 66 6f 72 6d 28 61 2c 62 2c 63 29 3a 66 2e 53 65 72 76 65 72 4a 53 41 73 79 6e
                                                                                                                                                                                                                                                                                      Data Ascii: /*FB_PKG_DELIM*/__d("ArbiterFrame",[],(function(a,b,c,d,e,f){a={inform:function(a,b,c){var d=parent.frames,e=d.length,f;b.crossFrame=!0;for(var g=0;g<e;g++){f=d[g];try{if(!f||f==window)continue;f.require?f.require("Arbiter").inform(a,b,c):f.ServerJSAsyn
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC16384INData Raw: 22 72 65 74 75 72 6e 22 2c 74 68 69 73 2e 24 37 29 3b 63 61 73 65 20 31 3a 63 61 73 65 22 65 6e 64 22 3a 72 65 74 75 72 6e 20 61 2e 73 74 6f 70 28 29 7d 7d 2c 6e 75 6c 6c 2c 74 68 69 73 29 7d 3b 72 65 74 75 72 6e 20 61 7d 28 29 3b 66 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 36 36 29 3b 0a 5f 5f 64 28 22 6d 69 78 69 6e 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 76 61 72 20 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 62 3d 30 2c 63 3b 77 68 69 6c 65 28 62 3c 30 7c 7c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 3d 62 3f 76 6f 69 64 20 30 3a 61 72 67 75 6d 65 6e 74 73 5b 62 5d 29 7b 63 3d 62 3c 30 7c 7c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 3d 62 3f 76
                                                                                                                                                                                                                                                                                      Data Ascii: "return",this.$7);case 1:case"end":return a.stop()}},null,this)};return a}();f["default"]=a}),66);__d("mixin",[],(function(a,b,c,d,e,f){function a(){var a=function(){},b=0,c;while(b<0||arguments.length<=b?void 0:arguments[b]){c=b<0||arguments.length<=b?v
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC16384INData Raw: 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 65 5b 61 5d 7c 7c 61 7d 29 2e 6a 6f 69 6e 28 22 22 29 2e 74 72 69 6d 28 29 29 3b 66 3d 66 2e 72 65 70 6c 61 63 65 28 2f 5e 5b 5e 5c 64 5d 2a 5c 2d 2f 2c 22 5c 78 30 32 22 29 3b 66 3d 66 2e 72 65 70 6c 61 63 65 28 6b 2c 22 22 29 3b 61 3d 62 28 22 65 73 63 61 70 65 52 65 67 65 78 22 29 28 63 29 3b 63 3d 62 28 22 65 73 63 61 70 65 52 65 67 65 78 22 29 28 64 29 3b 64 3d 6a 28 22 5e 5b 5e 5c 5c 64 5d 2a 5c 5c 64 2e 2a 22 2b 61 2b 22 2e 2a 5c 5c 64 5b 5e 5c 5c 64 5d 2a 24 22 29 3b 69 66 28 21 64 2e 74 65 73 74 28 66 29 29 7b 64 3d 6a 28 22 28 5e 5b 5e 5c 5c 64 5d 2a 29 22 2b 61 2b 22 28 5c 5c 64 2a 5b 5e 5c 5c 64 5d 2a 24 29 22 29 3b 69 66 28 64 2e 74 65 73 74 28 66 29 29 7b 66 3d 66 2e 72 65 70 6c 61 63 65 28 64 2c 22 24
                                                                                                                                                                                                                                                                                      Data Ascii: on(a){return e[a]||a}).join("").trim());f=f.replace(/^[^\d]*\-/,"\x02");f=f.replace(k,"");a=b("escapeRegex")(c);c=b("escapeRegex")(d);d=j("^[^\\d]*\\d.*"+a+".*\\d[^\\d]*$");if(!d.test(f)){d=j("(^[^\\d]*)"+a+"(\\d*[^\\d]*$)");if(d.test(f)){f=f.replace(d,"$
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC16384INData Raw: 22 44 65 66 65 72 72 65 64 22 29 29 28 29 3b 65 2e 70 75 73 68 28 62 2e 67 65 74 50 72 6f 6d 69 73 65 28 29 29 3b 72 65 74 75 72 6e 20 63 28 22 54 69 6d 65 53 6c 69 63 65 22 29 2e 67 75 61 72 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 61 26 26 63 28 22 63 6c 65 61 72 54 69 6d 65 6f 75 74 22 29 28 61 29 2c 62 2e 72 65 73 6f 6c 76 65 28 29 7d 2c 22 41 73 79 6e 63 52 65 71 75 65 73 74 44 69 73 70 6c 61 79 42 6c 6f 63 6b 69 6e 67 45 76 65 6e 74 22 2c 7b 70 72 6f 70 61 67 61 74 69 6f 6e 54 79 70 65 3a 63 28 22 54 69 6d 65 53 6c 69 63 65 22 29 2e 50 72 6f 70 61 67 61 74 69 6f 6e 54 79 70 65 2e 45 58 45 43 55 54 49 4f 4e 7d 29 7d 3b 61 2e 68 61 6e 64 6c 65 28 62 2c 7b 62 69 67 50 69 70 65 43 6f 6e 74 65 78 74 3a 7b 72 65 67 69 73 74 65 72 54 6f 42 6c 6f 63 6b 44 69
                                                                                                                                                                                                                                                                                      Data Ascii: "Deferred"))();e.push(b.getPromise());return c("TimeSlice").guard(function(){a&&c("clearTimeout")(a),b.resolve()},"AsyncRequestDisplayBlockingEvent",{propagationType:c("TimeSlice").PropagationType.EXECUTION})};a.handle(b,{bigPipeContext:{registerToBlockDi
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1500INData Raw: 69 6e 67 28 29 2e 69 6e 63 6c 75 64 65 73 28 22 2f 2e 2e 2f 22 29 7c 7c 74 68 69 73 2e 75 72 69 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 63 6c 75 64 65 73 28 22 5c 5c 2e 2e 2f 22 29 7c 7c 74 68 69 73 2e 75 72 69 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 63 6c 75 64 65 73 28 22 2f 2e 2e 5c 5c 22 29 7c 7c 74 68 69 73 2e 75 72 69 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 63 6c 75 64 65 73 28 22 5c 5c 2e 2e 5c 5c 22 29 29 72 65 74 75 72 6e 21 31 3b 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 74 68 69 73 2e 64 61 74 61 2c 63 28 22 67 65 74 41 73 79 6e 63 50 61 72 61 6d 73 22 29 28 74 68 69 73 2e 6d 65 74 68 6f 64 29 29 3b 28 70 7c 7c 28 70 3d 63 28 22 69 73 45 6d 70 74 79 22 29 29 29 28 74 68 69 73 2e 63 6f 6e 74 65 78 74 29 7c 7c 28 4f 62 6a 65 63 74 2e 61 73
                                                                                                                                                                                                                                                                                      Data Ascii: ing().includes("/../")||this.uri.toString().includes("\\../")||this.uri.toString().includes("/..\\")||this.uri.toString().includes("\\..\\"))return!1;Object.assign(this.data,c("getAsyncParams")(this.method));(p||(p=c("isEmpty")))(this.context)||(Object.as
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC14884INData Raw: 6e 63 52 65 71 75 65 73 74 2e 73 65 6e 64 22 29 3b 69 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 65 2e 74 72 61 6e 73 70 6f 72 74 3b 61 26 26 61 2e 72 65 61 64 79 53 74 61 74 65 3e 3d 32 26 26 61 2e 72 65 61 64 79 53 74 61 74 65 3c 3d 33 26 26 65 2e 5f 68 61 6e 64 6c 65 46 6c 75 73 68 65 64 52 65 73 70 6f 6e 73 65 28 29 3b 69 2e 72 65 61 64 79 53 74 61 74 65 3d 3d 3d 34 26 26 65 2e 63 6f 6e 74 69 6e 75 61 74 69 6f 6e 2e 6c 61 73 74 28 65 2e 5f 6f 6e 53 74 61 74 65 43 68 61 6e 67 65 29 7d 3b 74 68 69 73 2e 70 72 6f 67 72 65 73 73 48 61 6e 64 6c 65 72 26 26 78 28 69 29 26 26 28 69 2e 6f 6e 70 72 6f 67 72 65 73 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 61 3d 61 72 67 75
                                                                                                                                                                                                                                                                                      Data Ascii: ncRequest.send");i.onreadystatechange=function(){var a=e.transport;a&&a.readyState>=2&&a.readyState<=3&&e._handleFlushedResponse();i.readyState===4&&e.continuation.last(e._onStateChange)};this.progressHandler&&x(i)&&(i.onprogress=function(){for(var a=argu
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC16384INData Raw: 2c 61 2e 6c 65 6e 67 74 68 29 3b 28 67 7c 7c 28 67 3d 62 28 22 57 65 62 53 74 6f 72 61 67 65 22 29 29 29 2e 73 65 74 49 74 65 6d 47 75 61 72 64 65 64 28 63 2c 6a 2b 62 28 22 57 65 62 53 65 73 73 69 6f 6e 22 29 2e 67 65 74 49 64 28 29 2b 22 2e 22 2b 28 69 7c 7c 28 69 3d 62 28 22 70 65 72 66 6f 72 6d 61 6e 63 65 41 62 73 6f 6c 75 74 65 4e 6f 77 22 29 29 29 28 29 2c 62 28 22 63 72 3a 38 39 35 38 22 29 2e 73 74 72 69 6e 67 69 66 79 28 64 29 29 7d 7d 3b 65 2e 65 78 70 6f 72 74 73 3d 61 7d 29 2c 6e 75 6c 6c 29 3b 0a 5f 5f 64 28 22 51 75 65 72 79 53 74 72 69 6e 67 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 66 75 6e 63 74 69 6f 6e 20 67 28 61 29 7b 76 61 72 20 62 3d 5b 5d 3b 4f 62 6a 65 63 74 2e 6b 65 79 73 28 61 29 2e 73
                                                                                                                                                                                                                                                                                      Data Ascii: ,a.length);(g||(g=b("WebStorage"))).setItemGuarded(c,j+b("WebSession").getId()+"."+(i||(i=b("performanceAbsoluteNow")))(),b("cr:8958").stringify(d))}};e.exports=a}),null);__d("QueryString",[],(function(a,b,c,d,e,f){function g(a){var b=[];Object.keys(a).s
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC16384INData Raw: 69 67 67 65 72 3a 61 7d 5d 3b 62 28 22 63 72 3a 32 30 33 37 22 29 2e 73 65 6e 64 28 6e 2e 5f 70 72 65 70 46 6f 72 54 72 61 6e 73 69 74 28 63 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 6b 2e 5f 5f 6d 65 74 61 2e 73 74 61 74 75 73 3d 28 69 7c 7c 28 69 3d 62 28 22 42 61 6e 7a 61 69 43 6f 6e 73 74 73 22 29 29 29 2e 50 4f 53 54 5f 53 45 4e 54 2c 6b 2e 5f 5f 6d 65 74 61 2e 63 61 6c 6c 62 61 63 6b 26 26 6b 2e 5f 5f 6d 65 74 61 2e 63 61 6c 6c 62 61 63 6b 28 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 62 28 22 42 61 6e 7a 61 69 55 74 69 6c 73 22 29 2e 72 65 74 72 79 50 6f 73 74 28 6a 2c 61 2c 6c 29 7d 2c 21 30 29 3b 69 66 28 21 66 29 72 65 74 75 72 6e 7d 6c 2e 70 75 73 68 28 6a 29 3b 28 6e 2e 5f 73 63 68 65 64 75 6c 65 28 65 29 7c 7c 21 6d 29 26 26 28 6d 3d 61 29 7d
                                                                                                                                                                                                                                                                                      Data Ascii: igger:a}];b("cr:2037").send(n._prepForTransit(c),function(){k.__meta.status=(i||(i=b("BanzaiConsts"))).POST_SENT,k.__meta.callback&&k.__meta.callback()},function(a){b("BanzaiUtils").retryPost(j,a,l)},!0);if(!f)return}l.push(j);(n._schedule(e)||!m)&&(m=a)}
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC14884INData Raw: 65 74 75 70 44 65 6c 65 67 61 74 69 6f 6e 28 21 30 29 7d 2c 31 30 30 29 3b 72 65 74 75 72 6e 7d 69 66 28 69 2e 61 6c 72 65 61 64 79 53 65 74 75 70 29 72 65 74 75 72 6e 3b 69 2e 61 6c 72 65 61 64 79 53 65 74 75 70 3d 21 30 3b 76 61 72 20 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 69 2e 67 65 74 4d 61 79 62 65 4c 79 6e 78 4c 69 6e 6b 28 61 2e 74 61 72 67 65 74 29 3b 69 66 28 21 63 29 72 65 74 75 72 6e 3b 76 61 72 20 64 3d 63 5b 30 5d 3b 63 3d 63 5b 31 5d 3b 76 61 72 20 65 3d 63 2c 66 3d 6e 65 77 28 67 7c 7c 28 67 3d 62 28 22 55 52 49 22 29 29 29 28 63 2e 68 72 65 66 29 2c 6a 3b 69 66 28 62 28 22 4c 69 6e 6b 73 68 69 6d 48 61 6e 64 6c 65 72 43 6f 6e 66 69 67 22 29 2e 67 68 6c 5f 70 61 72 61 6d 5f 6c 69 6e 6b 5f 73 68 69 6d 26 26 64 21 3d 3d
                                                                                                                                                                                                                                                                                      Data Ascii: etupDelegation(!0)},100);return}if(i.alreadySetup)return;i.alreadySetup=!0;var c=function(a){var c=i.getMaybeLynxLink(a.target);if(!c)return;var d=c[0];c=c[1];var e=c,f=new(g||(g=b("URI")))(c.href),j;if(b("LinkshimHandlerConfig").ghl_param_link_shim&&d!==


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      78192.168.2.849860157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC374OUTGET /rsrc.php/v3/yw/r/u5OMVLVnVwH.js HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1932INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                      Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: BcxVwUffHkyDMNPsEpuBDA==
                                                                                                                                                                                                                                                                                      Expires: Sun, 05 Oct 2025 02:02:19 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: y1lwgg7ymUmnNcQDN3Mt7Ibxb+uOI2+2EkUW3e/muDRnuFtAaS2bnV/HF4GhqfNDHT1ozGnMCkPGJIbgv3BEhw==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:21 GMT
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=97, rtx=0, c=14, mss=1392, tbw=3408, tp=-1, tpl=-1, uplat=14, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 356051
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1INData Raw: 3b
                                                                                                                                                                                                                                                                                      Data Ascii: ;
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC15870INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 67 6c 6f 62 61 6c 54 68 69 73 7c 7c 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 73 65 6c 66 7c 7c 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 67 6c 6f 62 61 6c 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 41 62 6f 72 74 43 6f 6e 74 72 6f 6c 6c 65 72 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 72 65 74 75 72 6e 3b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 74 68 69 73 2e 5f 5f 6c 69 73 74 65 6e
                                                                                                                                                                                                                                                                                      Data Ascii: /*FB_PKG_DELIM*/"use strict";(function(){var a=typeof globalThis!=="undefined"&&globalThis||typeof self!=="undefined"&&self||typeof global!=="undefined"&&global;if(typeof a.AbortController!=="undefined")return;var b=function(){function a(){this.__listen
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC16384INData Raw: 75 6d 65 72 61 62 6c 65 3d 64 2e 65 6e 75 6d 65 72 61 62 6c 65 7c 7c 21 31 3b 64 2e 63 6f 6e 66 69 67 75 72 61 62 6c 65 3d 21 30 3b 22 76 61 6c 75 65 22 69 6e 20 64 26 26 28 64 2e 77 72 69 74 61 62 6c 65 3d 21 30 29 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 64 2e 6b 65 79 2c 64 29 7d 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 2c 63 2c 64 29 7b 63 26 26 61 28 62 2e 70 72 6f 74 6f 74 79 70 65 2c 63 29 3b 64 26 26 61 28 62 2c 64 29 3b 72 65 74 75 72 6e 20 62 7d 7d 28 29 3b 62 2e 69 6e 68 65 72 69 74 73 4c 6f 6f 73 65 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 61 2c 62 29 3b 61 2e 70 72 6f 74 6f 74 79 70 65 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 62 26 26 62 2e 70 72
                                                                                                                                                                                                                                                                                      Data Ascii: umerable=d.enumerable||!1;d.configurable=!0;"value"in d&&(d.writable=!0);Object.defineProperty(a,d.key,d)}}return function(b,c,d){c&&a(b.prototype,c);d&&a(b,d);return b}}();b.inheritsLoose=function(a,b){Object.assign(a,b);a.prototype=Object.create(b&&b.pr
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC16384INData Raw: 74 68 3b 61 2b 2b 29 74 68 69 73 2e 24 32 5b 61 5d 2e 72 65 6d 6f 76 65 28 29 3b 74 68 69 73 2e 24 32 2e 6c 65 6e 67 74 68 3d 30 7d 2c 74 68 69 73 2e 24 31 3d 61 2c 74 68 69 73 2e 24 32 3d 62 7d 76 61 72 20 62 3d 61 2e 70 72 6f 74 6f 74 79 70 65 3b 62 2e 69 73 46 6f 72 41 72 62 69 74 65 72 49 6e 73 74 61 6e 63 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 24 31 7c 7c 68 28 30 2c 32 35 30 36 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 24 31 3d 3d 3d 61 7d 3b 72 65 74 75 72 6e 20 61 7d 28 29 3b 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 70 65 72 66 6f 72 6d 61 6e 63 65 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 62 3d 61 2e 70 65 72
                                                                                                                                                                                                                                                                                      Data Ascii: th;a++)this.$2[a].remove();this.$2.length=0},this.$1=a,this.$2=b}var b=a.prototype;b.isForArbiterInstance=function(a){this.$1||h(0,2506);return this.$1===a};return a}();g["default"]=a}),98);__d("performance",[],(function(a,b,c,d,e,f){"use strict";b=a.per
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC16384INData Raw: 6e 20 20 20 20 61 74 20 3c 70 72 6f 6d 69 73 65 5f 73 65 74 74 6c 65 64 5f 73 74 61 63 6b 5f 62 65 6c 6f 77 3e 5c 6e 22 2b 69 2e 73 65 74 74 6c 65 64 53 74 61 63 6b 3a 22 22 29 2b 28 69 21 3d 6e 75 6c 6c 26 26 74 79 70 65 6f 66 20 69 2e 63 72 65 61 74 65 64 53 74 61 63 6b 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 22 5c 6e 20 20 20 20 61 74 20 3c 70 72 6f 6d 69 73 65 5f 63 72 65 61 74 65 64 5f 73 74 61 63 6b 5f 62 65 6c 6f 77 3e 5c 6e 22 2b 69 2e 63 72 65 61 74 65 64 53 74 61 63 6b 3a 22 22 29 7d 63 61 74 63 68 28 61 29 7b 7d 62 2e 72 65 70 6f 72 74 45 72 72 6f 72 28 65 29 3b 61 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 41 61 28 62 29 7b 24 3d 62 2c 74 79 70 65 6f 66 20 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72
                                                                                                                                                                                                                                                                                      Data Ascii: n at <promise_settled_stack_below>\n"+i.settledStack:"")+(i!=null&&typeof i.createdStack==="string"?"\n at <promise_created_stack_below>\n"+i.createdStack:"")}catch(a){}b.reportError(e);a.preventDefault()}function Aa(b){$=b,typeof a.addEventListener
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1500INData Raw: 2c 74 68 69 73 29 7d 3b 63 2e 72 65 6c 65 61 73 65 45 76 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 26 26 62 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 6c 65 61 73 65 45 76 65 6e 74 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 7d 3b 72 65 74 75 72 6e 20 61 7d 28 63 28 22 45 76 65 6e 74 48 6f 6c 64 65 72 22 29 29 3b 6c 2e 63 61 6c 6c 28 6c 29 3b 61 3d 6c 3b 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 42 69 67 50 69 70 65 49 6e 73 74 61 6e 63 65 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 67 3d 6e 75 6c 6c 3b 61 3d 7b 45 76 65 6e 74 73 3a 7b 69 6e 69 74 3a 22 42 69 67 50 69 70 65 2f 69 6e 69 74 22 2c 74 74 69 3a 22 74 74 69 5f 62 69
                                                                                                                                                                                                                                                                                      Data Ascii: ,this)};c.releaseEvent=function(a){a&&b.prototype.releaseEvent.call(this,a)};return a}(c("EventHolder"));l.call(l);a=l;g["default"]=a}),98);__d("BigPipeInstance",[],(function(a,b,c,d,e,f){"use strict";var g=null;a={Events:{init:"BigPipe/init",tti:"tti_bi
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC14884INData Raw: 61 72 65 64 57 6f 72 6b 65 72 3a 64 2c 69 73 49 6e 57 6f 72 6b 65 72 3a 63 7d 3b 62 3d 61 3b 66 5b 22 64 65 66 61 75 6c 74 22 5d 3d 62 7d 29 2c 36 36 29 3b 0a 5f 5f 64 28 22 42 6f 6f 74 6c 6f 61 64 65 72 44 6f 63 75 6d 65 6e 74 49 6e 73 65 72 74 65 72 22 2c 5b 22 45 78 65 63 75 74 69 6f 6e 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 2c 69 3d 6e 75 6c 6c 3b 66 75 6e 63 74 69 6f 6e 20 6a 28 29 7b 69 7c 7c 28 69 3d 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 7c 7c 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 68 65 61 64 22 29 5b 30 5d 7c 7c 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 29 3b 72 65
                                                                                                                                                                                                                                                                                      Data Ascii: aredWorker:d,isInWorker:c};b=a;f["default"]=b}),66);__d("BootloaderDocumentInserter",["ExecutionEnvironment"],(function(a,b,c,d,e,f,g){"use strict";var h,i=null;function j(){i||(i=document.head||document.getElementsByTagName("head")[0]||document.body);re
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC16384INData Raw: 28 29 3b 62 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 64 2e 61 64 64 28 61 29 7d 29 3b 63 2e 73 65 74 28 61 2c 64 29 3b 74 68 69 73 2e 24 31 3d 63 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 62 2e 61 64 64 53 65 74 45 6c 65 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 74 68 69 73 2e 24 31 7c 7c 6e 65 77 20 4d 61 70 28 29 2c 64 3d 63 2e 67 65 74 28 61 29 7c 7c 6e 65 77 20 53 65 74 28 29 3b 64 2e 61 64 64 28 62 29 3b 63 2e 73 65 74 28 61 2c 64 29 3b 74 68 69 73 2e 24 31 3d 63 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 62 2e 61 64 64 56 65 63 74 6f 72 41 6e 6e 6f 74 61 74 69 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 24 33 3d 74 68 69 73 2e 24 33 7c 7c 6e 65 77 20 4d
                                                                                                                                                                                                                                                                                      Data Ascii: ();b.forEach(function(a){return d.add(a)});c.set(a,d);this.$1=c;return this};b.addSetElement=function(a,b){var c=this.$1||new Map(),d=c.get(a)||new Set();d.add(b);c.set(a,d);this.$1=c;return this};b.addVectorAnnotation=function(a,b){this.$3=this.$3||new M
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC16384INData Raw: 22 2c 5b 22 45 78 65 63 75 74 69 6f 6e 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 2c 22 50 48 50 51 75 65 72 79 53 65 72 69 61 6c 69 7a 65 72 4e 6f 45 6e 63 6f 64 69 6e 67 22 2c 22 55 52 49 41 62 73 74 72 61 63 74 42 61 73 65 22 2c 22 55 52 49 53 63 68 65 6d 65 73 22 2c 22 55 72 69 4e 65 65 64 52 61 77 51 75 65 72 79 53 56 43 68 65 63 6b 65 72 22 2c 22 65 72 72 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 76 61 72 20 68 2c 69 3b 66 75 6e 63 74 69 6f 6e 20 6a 28 61 2c 62 2c 64 2c 65 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 63 28 22 55 52 49 41 62 73 74 72 61 63 74 42 61 73 65 22 29 2e 70 61 72 73 65 28 61 2c 62 2c 64 2c 65 29 7d 63 61 74 63 68 28 61 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 63 28 22 65 72 72 22 29
                                                                                                                                                                                                                                                                                      Data Ascii: ",["ExecutionEnvironment","PHPQuerySerializerNoEncoding","URIAbstractBase","URISchemes","UriNeedRawQuerySVChecker","err"],(function(a,b,c,d,e,f,g){var h,i;function j(a,b,d,e){try{return c("URIAbstractBase").parse(a,b,d,e)}catch(a){throw new Error(c("err")
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC14884INData Raw: 53 52 65 73 6f 75 72 63 65 45 76 65 6e 74 73 22 29 2e 6e 6f 74 69 66 79 28 61 2e 24 31 2c 63 2c 22 50 52 4f 4d 49 53 45 5f 52 45 53 4f 4c 56 45 44 22 29 2c 62 28 65 29 7d 2c 28 65 3d 61 2e 24 32 29 21 3d 6e 75 6c 6c 3f 65 3a 6e 29 7d 29 7d 29 3b 28 68 7c 7c 28 68 3d 64 28 22 50 72 6f 6d 69 73 65 41 6e 6e 6f 74 61 74 65 22 29 29 29 2e 73 65 74 44 69 73 70 6c 61 79 4e 61 6d 65 28 65 2c 22 42 6f 6f 74 6c 6f 61 64 28 22 2b 74 68 69 73 2e 67 65 74 4d 6f 64 75 6c 65 49 64 28 29 2b 22 29 22 29 3b 72 65 74 75 72 6e 20 65 7d 3b 65 2e 70 72 65 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 3d 74 68 69 73 2c 63 3d 28 61 3d 74 68 69 73 2e 24 32 29 21 3d 6e 75 6c 6c 3f 61 3a 6e 3b 6d 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61
                                                                                                                                                                                                                                                                                      Data Ascii: SResourceEvents").notify(a.$1,c,"PROMISE_RESOLVED"),b(e)},(e=a.$2)!=null?e:n)})});(h||(h=d("PromiseAnnotate"))).setDisplayName(e,"Bootload("+this.getModuleId()+")");return e};e.preload=function(){var a,b=this,c=(a=this.$2)!=null?a:n;m(function(a){return a


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      79192.168.2.849869157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC374OUTGET /rsrc.php/v3/yF/r/p55HfXW__mM.js HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1928INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                      Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: dZ324YE0DvCnahurRX67Ig==
                                                                                                                                                                                                                                                                                      Expires: Sun, 05 Oct 2025 01:46:31 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: Lc9aKHID+FGFYLKiWy7K8EebGF9KDsQOunEDuz7REuG955n6YXOGyUBDwD3PYqqk8KOfl018+QRg6rxtB/0gbw==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:21 GMT
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=89, rtx=0, c=14, mss=1392, tbw=3409, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 507
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1INData Raw: 3b
                                                                                                                                                                                                                                                                                      Data Ascii: ;
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC506INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 2f 2a 2a 0a 20 2a 20 4c 69 63 65 6e 73 65 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 6c 65 67 61 6c 2f 6c 69 63 65 6e 73 65 2f 56 39 76 64 59 43 6f 6c 63 34 6b 2f 0a 20 2a 2f 0a 5f 5f 64 28 22 72 65 61 63 74 2d 30 2e 30 2e 30 22 2c 5b 22 52 65 61 63 74 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 61 28 61 29 7b 72 65 74 75 72 6e 20 61 26 26 74 79 70 65 6f 66 20 61 3d 3d 3d 22 6f 62 6a 65 63 74 22 26 26 22 64 65 66 61 75 6c 74 22 69 6e 20 61 3f 61 5b 22 64 65 66 61 75 6c 74 22 5d 3a 61 7d 76 61 72 20 67 3d 61 28 62 28 22 52 65 61 63 74 22 29 29 3b 64 3d 7b 7d 3b 76 61
                                                                                                                                                                                                                                                                                      Data Ascii: /*FB_PKG_DELIM*//** * License: https://www.facebook.com/legal/license/V9vdYColc4k/ */__d("react-0.0.0",["React"],(function(a,b,c,d,e,f){"use strict";function a(a){return a&&typeof a==="object"&&"default"in a?a["default"]:a}var g=a(b("React"));d={};va


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      80192.168.2.849870157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC654OUTGET /rsrc.php/v3/yw/r/UXtr_j2Fwe-.png HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yK/l/0,cross/O0Uz2Q0jyKe.css
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1875INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Content-Type: image/png
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: 07aG/2AEtDHVAZ5LUajMDQ==
                                                                                                                                                                                                                                                                                      Expires: Sat, 04 Oct 2025 00:51:41 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: MTrtwApSXi/ng4nh2X6nxDzZSdqZX2A4vq9sG4SdT7xxfgzo+LEzO4TVxkfkF8kfydJ+wkuO+E//uFx+fdL19A==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:21 GMT
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=87, rtx=0, c=14, mss=1392, tbw=3409, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 573
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1INData Raw: 89
                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC572INData Raw: 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0d 00 00 00 27 08 03 00 00 00 e3 02 32 1e 00 00 00 f0 50 4c 54 45 47 70 4c 57 5e 6d 67 6e 7d 64 6b 7a 65 6c 7b 63 6a 79 66 6d 7c 60 67 76 5c 63 72 5d 64 73 50 57 66 55 5c 6b 53 5a 69 56 5d 6c 51 58 67 51 58 67 62 69 78 50 57 66 59 60 6f 59 60 6f 52 59 68 50 57 66 55 5c 6b 67 6e 7d 57 5e 6d 67 6e 7d 51 58 67 64 6b 7a 60 67 76 5c 63 72 5d 64 73 55 5c 6b 5a 61 70 57 5e 6d 63 6a 79 51 58 67 96 96 96 3a 58 97 e9 ea ed 97 97 97 3d 5a 98 6a 71 80 ca ca cc a7 b3 cd b0 b0 b1 70 85 b2 68 6f 7e bf c0 c1 90 a0 c1 67 6e 7d 5f 66 75 a6 a6 a7 63 6a 79 5c 74 a8 d4 d4 d6 5b 62 71 65 6c 7b bc c4 d7 66 6d 7c 5e 65 74 58 5f 6e 60 67 76 a4 b1 cb c8 c9 cb 80 92 b9 b7 b8 b9 61 68 77 b5 b6 b7 a8 a8 a9 df df e2 c5 c5 c7 7c 8f
                                                                                                                                                                                                                                                                                      Data Ascii: PNGIHDR'2PLTEGpLW^mgn}dkzel{cjyfm|`gv\cr]dsPWfU\kSZiV]lQXgQXgbixPWfY`oY`oRYhPWfU\kgn}W^mgn}QXgdkz`gv\cr]dsU\kZapW^mcjyQXg:X=Zjqpho~gn}_fucjy\t[bqel{fm|^etX_n`gvahw|


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      81192.168.2.849872104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC656OUTGET /sites/all/themes/freshmade/img/help.gif HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878; _ga=GA1.1.2068184034.1728340878; _ga_DM0MT881VN=GS1.1.1728340877.1.0.1728340878.0.0.0
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC696INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:21 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Content-Length: 707
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:50:30 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:44 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183137
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y07KrWccgZ7Dn8E0lgixQ97fR9oMMXUfPMUXnhZ9Nw8Dbhpltg1uT6yjIQX%2F9GG%2BrgNDqVE7pV116ZYx4PVSrmE818A5lkHQIoxyOUBmkNEwTbcKb%2BVurZsj3olBY%2BB5Ct%2F%2BYanAqorD99aguw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165ee2bbdc457-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC673INData Raw: 47 49 46 38 39 61 22 01 27 00 d5 00 00 32 32 32 34 34 34 3a 3a 3a 4f 4f 4f 37 37 37 3b 3b 3b 4d 4d 4d 48 48 48 35 35 35 21 21 21 38 38 38 3f 3f 3f 2b 2b 2b 49 49 49 36 36 36 3e 3e 3e 44 44 44 4b 4b 4b 42 42 42 41 41 41 3c 3c 3c 20 20 20 30 30 30 45 45 45 43 43 43 47 47 47 4e 4e 4e 3d 3d 3d 40 40 40 24 24 24 2c 2c 2c 39 39 39 4a 4a 4a 2d 2d 2d 29 29 29 46 46 46 22 22 22 31 31 31 28 28 28 25 25 25 27 27 27 26 26 26 4c 4c 4c 50 50 50 33 33 33 1f 1f 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 f9 04 00 00 00 00 00 2c 00 00 00 00 22 01 27 00 00 06 ff 40 80 70 48 2c 1a 89 04 c9 c1 b0 6a 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 95
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a"'222444:::OOO777;;;MMMHHH555!!!888???+++III666>>>DDDKKKBBBAAA<<< 000EEECCCGGGNNN===@@@$$$,,,999JJJ---)))FFF"""111(((%%%'''&&&LLLPPP333!,"'@pH,j:tJZvz
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC34INData Raw: 8a 5f bf 48 81 8a 7c 6e 10 08 98 10 21 8c fd fb f8 f3 eb df cf bf bf ff 2c 11 4c 20 80 79 41 00 00 3b
                                                                                                                                                                                                                                                                                      Data Ascii: _H|n!,L yA;


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      82192.168.2.849875104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC666OUTGET /sites/all/themes/freshmade/img/footer-wrapper.gif HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878; _ga=GA1.1.2068184034.1728340878; _ga_DM0MT881VN=GS1.1.1728340877.1.0.1728340878.0.0.0
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC697INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:21 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Content-Length: 3177
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:50:20 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 20 Oct 2024 20:13:03 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 1477698
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cc793hdbpXmaeZPgiZ4BPlR0iq5FDwKls2zAGZuM3IZdbGvm5UYsX%2Fhey6uXi%2BFo%2FHjYMzHz6JA9y9znQIJvTX%2FaOMrqf6WaSEHv9CqaTqHr8XICAK0L%2Bbfy3r7s2jnyrNJrHT82UvSAbUD%2FSg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165ee29f04334-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC672INData Raw: 47 49 46 38 39 61 e8 03 96 00 c4 1a 00 a6 a6 a6 a4 a4 a4 a7 a7 a7 a2 a2 a2 a8 a8 a8 a0 a0 a0 9e 9e 9e 9c 9c 9c 98 98 98 9b 9b 9b 9f 9f 9f 96 96 96 94 94 94 92 92 92 90 90 90 9a 9a 9a 99 99 99 a9 a9 a9 a5 a5 a5 a3 a3 a3 9d 9d 9d a1 a1 a1 97 97 97 95 95 95 93 93 93 91 91 91 ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 1a 00 2c 00 00 00 00 e8 03 96 00 00 05 ff 20 21 08 00 10 04 c3 50 28 c6 91 40 c8 c2 34 8e 66 df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf 42 47 83 b1 40 40 12 07 83 a2 90 3a 95 46 04 11 c9 84 52 b1 5c 30 19 0d cc ef fb ff 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 43 62 64 66 68 6a 6c 03 6e 00 70 72 25 27 29 2b 2d 2f 31 33 35 8d a3 a4 a5 a6 a7 a8 a9 aa ab ac ad
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a!, !P(@4fx|pH,rl:tJZvzBG@@:FR\0Cbdfhjlnpr%')+-/135
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1369INData Raw: 24 96 68 62 14 21 8e d7 de 89 2c b6 e8 22 10 29 b2 67 df 8b 34 d6 d8 62 8c f5 d9 a8 e3 8e 27 e2 e8 1f 8f 40 06 59 a1 8f d2 09 69 e4 91 fa 11 69 20 92 4c 36 59 9e 92 1b 3a 29 e5 94 cc 41 39 22 95 58 66 79 9b 95 2b 6a e9 e5 97 a1 71 39 23 98 64 96 99 98 98 66 a6 a9 26 62 68 ae e9 e6 9b 6e b5 09 e7 9c 74 a6 c7 e0 33 25 c9 65 9c 86 57 d6 e9 e7 9f 33 c9 09 e8 a0 84 ba 24 68 a1 88 26 fa d0 a1 8a 36 ea 28 3e 8c 3e 2a e9 a4 e1 44 4a e9 a5 98 26 63 69 a6 9c 76 da ca a6 9e 86 2a 2a 86 77 9e 63 13 60 bb f5 57 e4 a8 ac b6 ba 4f a9 0e 5a 05 db 7a 39 ba 6a eb ad e5 c0 2a 11 59 a5 d1 f7 23 ae c0 06 fb 05 a8 c2 16 6b ac 13 c4 1e ab ec b2 44 24 cb ec b3 d0 ea e0 6c b4 d4 3e 3b 6d ff b5 d8 1a 7b 6d b6 dc e2 ba 6d b7 e0 b2 fa 6d b8 e4 76 3a 6e b9 e8 52 7a 6e ba ec 36 ba 6e
                                                                                                                                                                                                                                                                                      Data Ascii: $hb!,")g4b'@Yii L6Y:)A9"Xfy+jq9#df&bhnt3%eW3$h&6(>>*DJ&civ**wc`WOZz9j*Y#kD$l>;m{mmmv:nRzn6n
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1136INData Raw: 12 94 c8 e8 6a e1 db 5a 67 ce b7 a0 f5 1d 22 5b 13 30 5b da ba 75 bf 40 0e b2 90 87 4c e4 22 1b f9 c8 48 4e b2 92 97 cc e4 26 3b f9 c9 50 8e b2 94 a7 4c e5 2a 5b f9 ca 58 ce b2 96 b7 cc e5 2e 7b f9 cb 60 0e b3 98 c7 4c e6 32 9b 99 ca e8 05 6b 8b d9 0a 4b 18 8f 35 9b ee 35 ab 9c a9 81 47 67 7a 14 c7 39 d6 f1 7d 7b cc e2 3e fb f9 cf 80 0e b4 a0 07 4d e8 42 1b fa d0 88 4e b4 a2 17 cd e8 46 3b fa d1 90 8e ff b4 a4 27 4d e9 4a 5b fa d2 98 ce b4 a6 37 cd e9 4e 7b fa d3 a0 0e b5 a8 47 4d ea 49 f3 d8 b4 0b 7c b1 02 d6 e0 cf 09 34 34 ce 72 36 2b 9d eb 7c 82 88 16 b4 13 06 30 5f 6c d9 cc e6 53 fb fa d7 c0 0e b6 b0 87 4d ec 62 1b fb d8 c8 4e b6 b2 97 cd ec 66 3b fb d9 d0 8e b6 b4 a7 4d ed 6a 5b fb da d8 ce b6 b6 b7 cd ed 6e 7b fb db e0 0e b7 b8 c7 4d 6e 68 f3 9a ad
                                                                                                                                                                                                                                                                                      Data Ascii: jZg"[0[u@L"HN&;PL*[X.{`L2kK55Ggz9}{>MBNF;'MJ[7N{GMI|44r6+|0_lSMbNf;Mj[n{Mnh


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      83192.168.2.849874104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC668OUTGET /sites/all/themes/freshmade/img/header-wrapper-2.gif HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878; _ga=GA1.1.2068184034.1728340878; _ga_DM0MT881VN=GS1.1.1728340877.1.0.1728340878.0.0.0
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC703INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:21 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Content-Length: 13692
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:50:25 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:41:51 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338370
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jYO91wYrbjIa6kbp38SJMy%2Fp5%2BazCB%2BAab5Wnz4bmTjn03pwpjAzy2wH%2F3Xtn53S0TR%2B7mce0%2Fkxq9uHLxxqGMv%2FoMGrwwMQW%2FN%2BpUSSsOIwO1lCs3dsNtq7IJ0nMdvgjP5MfD49QvM4yDgzDA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165ee29707d05-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC666INData Raw: 47 49 46 38 39 61 b0 04 82 00 f7 00 00 28 28 27 36 33 30 30 2e 2c 39 39 39 4c 3e 32 2b 29 27 2e 2c 2a 46 38 2a 3f 38 31 4c 3e 30 34 30 2c 3a 34 2e 48 3c 30 48 3d 32 30 2f 2e 4e 3e 30 36 32 2e 3d 32 28 4a 3c 2e 3a 36 31 2c 2b 2b 37 34 31 4d 40 33 4a 3a 2c 32 2e 2a 3a 35 30 31 30 2e 46 3a 2e 3e 36 2e 3c 34 2c 44 3b 32 42 3a 32 42 38 2f 2c 2a 28 36 36 36 2e 2d 2c 2a 29 29 3e 37 30 34 2e 28 46 36 26 4e 40 30 43 39 30 40 36 2c 48 3a 2c 29 27 26 38 32 2c 3e 34 2a 34 32 2f 42 36 2b 31 2c 27 44 38 2c 39 32 2a 38 34 2f 36 30 2a 2a 28 27 44 37 2a 4c 3c 2e 4a 3e 31 38 33 2e 32 30 2d 30 2c 29 38 38 38 48 3b 2e 3d 35 2e 2a 2a 29 3b 3b 3b 47 38 2a 43 3a 30 46 3b 30 40 37 2e 34 31 2d 30 2d 2a 38 30 28 2e 2e 2d 42 37 2c 3a 33 2c 52 42 33 50 41 34 37 32 2d 2e 2b 28 27 26
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a(('6300.,999L>2+)'.,*F8*?81L>040,:4.H<0H=20/.N>062.=2(J<.:61,++741M@3J:,2.*:5010.F:.>6.<4,D;2B:2B8/,*(666.-,*))>704.(F6&N@0C90@6,H:,)'&82,>4*42/B6+1,'D8,92*84/60**('D7*L<.J>183.20-0,)888H;.=5.**);;;G8*C:0F;0@7.41-0-*80(..-B7,:3,RB3PA472-.+('&
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1369INData Raw: 2c 4f 3e 2e 4c 3d 2e 33 31 2e 33 30 2d 4e 40 32 49 38 29 4e 3d 2e 4f 40 31 4b 3a 2a 4a 39 29 4e 3d 2d 41 38 30 4f 3f 2e 32 30 2f 3c 35 2f 51 40 30 4e 3e 2d 4d 3d 2c 4f 41 32 4b 3a 2b 45 3a 30 47 37 27 2d 2d 2c 4c 3c 2b 4b 3b 2a 4c 3b 2c 49 3a 2a 34 2d 28 4a 3b 2d 3a 3a 3a 48 39 2a 4d 3f 32 42 35 29 43 36 2a 4b 3c 2b 4d 3c 2d 49 3c 2e ff ff ff 21 f9 04 01 00 00 ff 00 2c 00 00 00 00 b0 04 82 00 00 08 ff 00 ab 08 1c 48 b0 20 41 28 55 10 26 34 c8 a2 a1 c3 87 00 00 d8 98 48 b1 80 c5 8b 21 e4 68 dc 18 a3 63 47 38 70 ea 99 08 43 12 0d 9a 2e 28 91 94 59 89 25 42 04 2d 5a e6 cc 61 c3 46 9f be 7d fb 6e e8 3c c0 53 88 90 65 40 7f 2e 13 46 f4 9d d1 13 48 4f fc 5b ca b4 a9 d3 a7 50 a3 4a 9d 4a b5 aa d5 ab 58 b3 6a dd ca b5 ab d7 af 60 c3 8a 1d 4b b6 ac d9 b3 68 d3 aa
                                                                                                                                                                                                                                                                                      Data Ascii: ,O>.L=.31.30-N@2I8)N=.O@1K:*J9)N=-A80O?.20/<5/Q@0N>-M=,OA2K:+E:0G7'--,L<+K;*L;,I:*4-(J;-:::H9*M?2B5)C6*K<+M<-I<.!,H A(U&4H!hcG8pC.(Y%B-ZaF}n<Se@.FHO[PJJXj`Kh
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1369INData Raw: a9 39 24 26 f1 33 9a 44 1f 27 3d 49 4e f0 81 12 7d a2 fc 50 16 4b 19 bf 2e a2 52 7f fc 5b 25 19 5b f9 4a 34 ca 92 96 0e 84 e0 2d 2d 28 ff 47 bf d0 d1 54 c2 0c a8 40 07 4a d0 82 06 8c 98 80 44 a6 32 5b 58 48 67 1e 12 9a 89 94 26 0e a9 d9 c8 47 46 d2 7e 93 e4 e6 e6 be 79 91 70 5a 71 9c 9d f4 84 48 47 4a d2 91 02 e1 a4 9d 3c e9 49 1b c1 d2 96 36 a2 7d 75 8a 69 11 79 70 84 9a c2 01 03 38 35 41 16 76 9a 85 fd a5 a1 06 fe f3 c2 0c 66 f0 8c 33 08 d0 05 48 bd c2 15 d4 80 40 18 e8 44 06 b4 7c a1 54 e9 71 01 7b 5c e0 02 ac 68 47 05 5b 11 c7 21 19 c5 a0 60 0d ab 58 c7 4a 56 24 19 e5 1b 59 82 45 0a c5 d1 8a ac b2 a2 0d 17 68 83 55 e9 b1 82 0b 48 d5 a1 32 d0 49 53 d5 a0 54 a4 e2 d0 a8 cf 18 6a 50 6b e0 53 9e 66 c1 04 38 c5 00 1c 6a 7a 84 99 c6 34 a6 ec 73 69 4b 55 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 9$&3D'=IN}PK.R[%[J4--(GT@JD2[XHg&GF~ypZqHGJ<I6}uiyp85Avf3H@D|Tq{\hG[!`XJV$YEhUH2ISTjPkSf8jz4siKU
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1369INData Raw: 8a ac b8 8a f4 46 05 ff a7 76 54 40 05 7e 50 8b b6 b8 87 53 77 04 18 20 00 01 17 05 51 b0 53 0a 10 8c 35 20 05 c4 e8 05 2d 60 84 09 b7 04 0c d7 01 4a 75 05 4a a8 04 66 20 03 56 60 05 87 78 71 3e 70 8d 12 20 01 f6 f0 06 dc f8 0a af f0 06 de d8 06 9f e0 7d ac c0 56 59 f2 0d 91 98 8e ea b8 8e 77 f4 0d d0 b0 56 ac 10 0f 38 f7 09 af d0 0f d9 80 03 af 90 0d dc f8 06 12 c0 8f d7 e8 03 e6 37 8d 32 60 06 e8 b7 89 57 b0 8c c9 08 7a 33 d0 02 5e 40 8c 52 50 03 c1 a8 00 3b e5 8b 01 c7 8b b9 48 75 fd 66 8b b6 38 8b b1 98 75 b0 48 01 ad 18 92 22 29 92 af d8 91 f6 36 8b 1a 59 8b b8 f8 76 bc 98 58 be 08 8c c2 e8 90 c6 88 8c 09 b7 8c cd f8 8c d1 ff 38 8d d5 b8 02 ff 98 8d db d8 8d df 18 8e e3 e8 7d e6 68 72 ec 78 94 48 99 94 bd e3 8e f0 28 8f 9f 40 8f f6 88 8f fa c8 8d fd
                                                                                                                                                                                                                                                                                      Data Ascii: FvT@~PSw QS5 -`JuJf V`xq>p }VYwV872`Wz3^@RP;Huf8uH")6YvX8}hrxH(@
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1369INData Raw: db b4 07 1c bd 96 3b bd 0d fc c3 40 7c 85 0f 3c b1 db fb b5 19 3b b6 1b 5b b6 17 8c ba e4 ab c1 24 7b be 70 7b b2 af 3b b7 21 3c c2 34 ab b7 a0 90 c5 5a bc c5 49 90 c5 21 cc be 79 90 b3 ef 1a af be d8 0d dd e0 c2 0e e9 04 4e a0 a8 3a a0 03 3f eb a8 3f 10 c7 f8 3a 06 95 5a 04 20 10 c0 56 f0 05 5f d0 b8 3e c0 00 9e ba 05 80 ec 06 db 80 0a 09 90 00 a8 e0 0b 82 00 0e 88 ff 3c b0 39 37 8e e2 00 0d 41 1c c9 92 8c 81 57 36 8f 9e eb 0b e4 50 08 85 a0 c8 a8 10 0d 86 4c c8 09 00 c8 5b e0 bd 0c 70 ac 7a cc b1 20 50 c7 63 90 ba 71 cc b6 23 db c6 8a aa c6 e8 6b c6 64 1c 05 62 cc ad 79 f0 c5 37 9b c5 5d bc c5 be fc cb 5a dc cb ba cc b2 61 7c cb 80 5a cb 66 8c c6 c4 a8 c6 6c ec c6 c3 0b c7 72 2c a9 74 5c a9 77 cc af 7a cc c7 7e 0c aa 81 3c c8 85 7c c8 89 bc c8 a6 da c8
                                                                                                                                                                                                                                                                                      Data Ascii: ;@|<;[${p{;!<4ZI!yN:??:Z V_><97AW6PL[pz Pcq#kdby7]Za|Zflr,t\wz~<|
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1369INData Raw: 0e 3e f9 7e ae f5 81 6e ed 85 ae f9 db de ed 29 4e f6 90 6e f6 93 ae f2 36 7e ee a7 9f fd da 1f 2b a9 ff 0f ea ab 6f f3 f4 5e f7 a8 0e fb 3c 9f f7 3e bf f7 40 df f7 42 1f f8 5e 9e fb 47 bf fb 65 de fb be 9f 07 c0 1f fc 8b 30 fc 88 5f fc cc 2e f9 10 0e 10 10 20 38 71 d2 42 c7 c1 69 0b e2 c4 41 87 ee c7 0f 0e 1c c6 14 a1 c8 8b 17 88 14 29 ac 7c f9 b2 81 88 0f 1f fe 18 30 d8 b2 c5 4d 02 94 a8 50 45 8b f6 20 9a 4a 54 be 0a 91 13 24 e8 d5 ab 4f ac 8e fd e3 d9 d3 e7 4f a0 41 85 0e 25 5a d4 e8 51 a4 49 95 2e 65 da d4 e9 53 a8 51 a5 4e a5 5a d5 ea 55 ac 59 b5 6e e5 da d5 eb 57 b0 61 c5 8e 25 5b 16 e9 31 56 9f 6c 0a 02 a7 ae 90 b6 97 c8 a2 25 62 f9 92 25 4a 37 25 47 fa 03 49 64 03 47 2b 19 41 58 a4 58 64 4c c4 87 0d 17 2e 98 76 50 47 0b 82 02 8d 4c 9e ac a0 db e5
                                                                                                                                                                                                                                                                                      Data Ascii: >~n)Nn6~+o^<>@B^Ge0_. 8qBiA)|0MPE JT$OOA%ZQI.eSQNZUYnWa%[1Vl%b%J7%GIdG+AXXdL.vPGL
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1369INData Raw: 47 49 4a 52 cd 68 46 39 b0 81 8d 14 0c 81 18 c4 08 45 28 88 60 8a 91 34 a0 01 39 38 98 35 42 e5 8d 7c a0 20 1c 1b 65 04 fe 54 01 2c 64 98 a3 10 82 c8 46 36 3e 51 4c 94 a6 54 a5 2b 65 a9 90 78 05 32 73 38 c3 19 89 50 85 2a 18 d1 51 46 28 23 1c 1d f5 c6 2e 30 9a 0f 6b a4 2c 07 12 1d 89 29 88 d0 d0 85 0e 21 05 07 2d 07 41 05 5a 82 47 89 a1 51 19 e0 d6 34 68 a0 03 7c 06 00 02 f4 14 45 3c df f9 4e 76 ae f3 1c e7 3a 67 59 cb 49 4e 42 7c 73 18 dd 64 6b 5b bd 09 4e 71 92 d3 ac e7 4c 67 58 53 f1 55 77 c6 93 ab f6 c4 a7 3e f9 b9 00 7f 36 04 a0 cc 78 2a 41 0d 8a 50 85 32 d4 a1 10 65 80 44 29 fa 29 8b e6 03 ff a3 1a e5 a8 47 41 2a 52 92 9a b4 a5 9b e5 6c 67 3d fb d9 aa bc b4 10 31 9d 69 4d 6f ba 53 9d f2 d4 a7 a1 0a aa a7 86 da 80 a2 1e 35 14 49 5d 2a 36 9a da 8c a7
                                                                                                                                                                                                                                                                                      Data Ascii: GIJRhF9E(`4985B| eT,dF6>QLT+ex2s8P*QF(#.0k,)!-AZGQ4h|E<Nv:gYINB|sdk[NqLgXSUw>6x*AP2eD))GA*Rlg=1iMoS5I]*6
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1369INData Raw: 43 32 34 43 04 40 43 59 50 43 36 64 c0 37 44 40 39 a4 c3 79 b2 43 3c d4 c3 fc 63 c4 fa fb c3 45 ec 03 41 34 44 73 3c c4 51 18 c7 3f 04 47 fa 73 44 fe f3 bf 48 9c 27 02 2c 40 4a 6c c3 4b 24 85 08 9c c0 0a bc c0 0c dc c0 0e 0c 85 0f 0c 41 89 1a c5 13 cc 87 14 5c c1 16 7c c1 18 9c c1 1a 64 84 1b cc 41 41 d8 c1 5a 9c 48 8a ac 48 f6 b9 c5 ff 5c 3c c2 24 5c c2 26 7c c2 28 9c c2 2a bc c2 2c cc 85 2d ec c2 2f a4 85 30 1c c3 32 3c c3 12 48 c3 07 ac c6 05 bc c6 03 cc c6 3a 0c c0 6e b4 85 3d 64 c7 44 8c bf 71 2c c7 73 3c 47 41 54 c7 f9 d3 49 77 84 c4 00 94 44 7a 44 c0 4a 5c c0 7b cc 47 4d dc c7 4e f4 47 50 14 c8 11 2c c1 82 3c c8 53 4c c5 85 64 45 87 74 45 58 b4 48 b0 0c 4b b1 14 1b 8c 2c 42 8d e4 c5 8e 04 46 61 0c 49 63 1c c9 92 5c c6 66 54 49 68 94 46 6a 6c 43 99
                                                                                                                                                                                                                                                                                      Data Ascii: C24C@CYPC6d7D@9yC<cEA4Ds<Q?GsDH',@JlK$A\|dAAZHH\<$\&|(*,-/02<H:n=dDq,s<GATIwDzDJ\{GMNGP,<SLdEtEXHK,BFaIc\fTIhFjlC
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1369INData Raw: 75 d9 f1 75 dc f2 9d d9 b1 e5 61 31 1e 63 ce f2 61 cc 75 d8 b6 85 d8 ff b7 f5 5c b9 ad 58 10 7e 5e 11 de 58 12 9e de 73 bc 03 3b be 63 3c ae 83 47 78 84 f4 ab 83 3e b6 03 3f ae 03 41 1e e4 3a d8 83 42 de 03 44 0e 04 45 fe 03 46 d6 03 47 76 e4 7b aa 00 49 96 e4 4a a8 84 59 00 04 4c ce 80 09 c0 05 07 9c 84 49 b0 04 4b a0 40 0a 44 84 0b 8c 84 0f 38 65 0f 68 28 43 00 c1 5e 90 a8 58 d0 05 4c 38 41 0b 98 65 4d f8 85 43 b8 e5 64 b8 84 52 28 85 4b 50 04 27 5c c2 5b a8 41 57 44 85 91 22 63 63 3e 66 95 92 09 64 a0 a9 55 08 e6 41 a8 85 5a 50 04 26 90 66 6a e0 e5 4b 68 82 52 b8 e5 5f 20 c6 59 36 46 4c d0 85 58 90 a8 5e e0 42 43 68 28 0f 38 e5 0f 88 04 32 44 04 51 46 00 50 f6 e4 35 c4 85 09 c8 00 4c 06 84 59 a8 e4 49 96 e4 7b 7a 64 47 66 e4 3f 50 e4 40 40 64 44 2e 64
                                                                                                                                                                                                                                                                                      Data Ascii: uua1cau\X~^Xs;c<Gx>?A:BDEFGv{IJYLIK@D8eh(C^XL8AeMCdR(KP'\[AWD"cc>fdUAZP&fjKhR_ Y6FLX^BCh(82DQFP5LYI{zdGf?P@@dD.d
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1369INData Raw: 7d a7 c7 f8 dc 97 7a 8e 2f 75 33 f7 7d c6 47 77 92 7f f3 c8 8f f5 c9 4f 7e fc cf 7f b2 58 fe 5d 07 88 4b 4d 4a 1d 3a f4 4b 93 85 84 d6 30 61 d2 15 ab 41 83 5e a6 0c 19 0a 15 ca c3 87 8c 91 22 21 42 84 e0 23 02 4b 96 26 4d 22 85 0b d7 84 0c 80 56 ce aa 54 a9 02 4c 98 01 02 e8 a9 59 f3 0f ce 40 3a f7 f0 dc 53 c7 67 9d a0 42 ed d4 21 6a c7 a8 9d 47 8f ea dc 69 ea f4 29 d4 a7 75 94 1e 2d 6a b4 a8 d0 ac 3e 7b ee d1 19 08 e7 1f 9b 35 67 c6 84 e9 72 d6 4a 40 19 26 9c 24 45 52 24 48 04 1d 37 66 fc e0 c1 22 45 53 bd 20 c6 d2 c5 d0 5a 42 0b 9a 7e 15 3c 94 ec 52 a9 52 97 14 ff 41 52 34 08 d2 ad 41 8c 56 25 4a 84 aa 90 a0 7f 9a 37 73 ee ec f9 33 e8 d0 a2 47 93 2e 6d fa 34 ea d4 aa 57 b3 6e ed fa 35 ec d8 b2 67 d3 ae 6d fb 36 ee dc ba 77 f3 ee ed fb 37 f0 e0 c2 87 9b
                                                                                                                                                                                                                                                                                      Data Ascii: }z/u3}GwO~X]KMJ:K0aA^"!B#K&M"VTLY@:SgB!jGi)u-j>{5grJ@&$ER$H7f"ES ZB~<RRAR4AV%J7s3G.m4Wn5gm6w7


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      84192.168.2.849873104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC662OUTGET /sites/all/themes/freshmade/img/navigation.gif HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878; _ga=GA1.1.2068184034.1728340878; _ga_DM0MT881VN=GS1.1.1728340877.1.0.1728340878.0.0.0
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC695INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:21 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Content-Length: 5195
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 23 Jan 2013 20:50:48 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sat, 12 Oct 2024 16:15:43 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 2183138
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r0abMncL9R7mmDGHlF%2FCxAGgQcOpiDe0m%2B4NuhHdPdhv50nztL1ZBPXh5ElDNhWYnBHNPocadT4LXhv0oQpaD04oVISyjKSepkrksj9oY%2F%2F2Vzx8qwm8clSNE%2FqcAnnOQH3Ta3SgsevHkPNMVw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165ee5f94335a-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC674INData Raw: 47 49 46 38 39 61 96 00 2e 00 f7 00 00 b7 6d 2b ba 70 2e c2 79 36 c1 78 35 b0 65 24 b6 6c 2a b2 67 26 bd 73 31 c0 77 34 bb 71 2f b2 68 26 b4 6a 28 b1 66 25 b9 6f 2d bf 76 33 b8 6e 2c bf 75 33 be 74 32 bc 72 30 b3 69 27 b5 6b 29 b1 67 25 b4 69 28 af 65 23 c2 78 36 c0 76 34 bd 74 31 bc 73 30 b3 68 27 be 75 32 c1 77 35 b0 66 24 ae 64 22 c3 79 37 c4 7a 38 be 74 31 b5 6a 29 ad 63 21 ac 62 20 c1 78 36 c5 7b 38 b4 69 27 ad 63 22 b0 66 25 be 75 33 b3 69 28 c4 7b 39 c0 77 35 ad 62 20 ac 62 21 c0 76 33 c4 7c 38 ad 61 20 c1 77 34 b6 6b 29 b5 6b 2a af 64 22 bf 76 34 af 65 24 c2 79 37 bb 72 2f b4 6a 29 bb 71 2e c3 7a 38 bd 74 32 b2 68 27 ba 71 2e c5 7c 38 ac 61 21 b0 65 23 c2 78 35 b9 70 2d b8 6d 2c b1 67 26 b6 6b 2a c3 79 36 b8 6e 2b b1 66 24 b2 67 25 ad 62 22 c5 7b
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a.m+p.y6x5e$l*g&s1w4q/h&j(f%o-v3n,u3t2r0i'k)g%i(e#x6v4t1s0h'u2w5f$d"y7z8t1j)c!b x6{8i'c"f%u3i({9w5b b!v3|8a w4k)k*d"v4e$y7r/j)q.z8t2h'q.|8a!e#x5p-m,g&k*y6n+f$g%b"{
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 f9 04 00 00 00 00 00 2c 00 00 00 00 96 00 2e 00 00 08 ff 00 79 09 1c 48 b0 a0 c1 83 08 13 2a 5c c8 b0 a1 c3 87 10 1d 02 9b 48 b1 a2 c5 8b 18 33 6a dc c8 b1 a3 c7 8f 20 43 86 74 61 05 d8 0c 14 28 80 41 31 89 52 e5 0c 95 c0 ac 0c 01 36 64 88 8b 9a 28 ac cc 98 31 d3 a5 8b 89 33 6e aa 24 69 05 65 cf 21 50 5c a4 fc 05 e5 d7 af 99 25 a1 d2 84 89 12 8a cc 94 31 81 02 73 01 65 e5 c4 21 45 51 04 ed 39 d1 4a c9 a7 14 51 fc 7c 09 65 86 15 92 c0 72
                                                                                                                                                                                                                                                                                      Data Ascii: !,.yH*\H3j Cta(A1R6d(13n$ie!P\%1se!EQ9JQ|er
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1369INData Raw: 80 2d 67 c9 02 3a cc d2 96 9f b4 65 2b 23 a0 01 20 8c 00 08 11 18 c1 08 22 40 4f 20 c0 b3 9d f3 ac e7 3b 35 20 ff 4f 79 46 00 08 ed 8c e7 3e e3 79 cf 79 ce 13 9e 23 d0 40 40 d9 49 cf 86 fe 33 9f fe 24 28 3f f9 29 cf 76 f2 93 a0 f3 c4 67 3c d9 89 d0 77 66 14 a0 0d 4d e8 47 df 49 4f 88 1e 94 9d 09 75 e7 46 e5 09 4f 78 96 14 a2 ee 7c e7 01 66 3a 53 85 1e 40 03 35 9d 29 1a 34 80 86 03 70 61 a6 5c d8 e9 01 7a 4a 53 9b 6a a0 11 37 ad 29 4e 69 fa d3 a4 1e 35 a7 3f 45 ea 52 69 ca 54 a2 2e 75 aa 49 2d aa 4f 9d aa 55 34 d4 a2 11 8d 30 2a 4e c7 aa d0 a6 d2 74 03 3b b5 2a 52 b9 b0 d4 9d 36 95 a8 54 1d eb 01 1a c1 05 2e 48 00 16 68 95 c0 06 f4 ba 01 bb 4a 40 af 7f dd 2b 5f d1 5a 57 b4 6e 60 af 7a d0 ab 1f 0e eb 87 bf ea 61 af 3f 0d ec 61 25 c0 85 0d e8 e1 b1 7f 05 ec
                                                                                                                                                                                                                                                                                      Data Ascii: -g:e+# "@O ;5 OyF>yy#@@I3$(?)vg<wfMGIOuFOx|f:S@5)4pa\zJSj7)Ni5?ERiT.uI-OU40*Nt;*R6T.HhJ@+_ZWn`za?a%
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1369INData Raw: 48 02 0b 40 02 7f 38 87 7b 48 02 5a f0 87 9f f8 86 81 e8 87 16 b0 00 0b d0 03 c0 88 09 c2 38 8c 5a b0 00 bf d8 03 16 f0 8b cb 88 09 c8 d8 03 ca 18 8c c0 38 8c d3 08 8c cc 28 8c a8 00 8d c1 68 01 c7 38 8d dc c8 8c dd f8 8b d5 88 8c e1 58 8c 16 80 09 bf 78 8c cb e8 8d c9 18 8e e2 28 8c dc b8 00 a8 80 8c 16 30 8f d5 68 8e e1 78 8f f1 c8 8c d5 a8 05 c7 58 8c d2 78 8c 13 30 90 29 60 01 03 39 01 29 d0 02 07 69 01 2d 50 90 0d 39 90 16 90 90 11 d9 02 06 49 91 08 a9 90 29 70 90 19 59 91 0d c9 90 15 99 02 20 89 91 0a 89 90 17 d9 02 0d 99 90 26 19 91 09 e9 90 06 49 90 cb 48 92 08 f9 92 0c f9 90 19 99 92 03 49 91 05 ff 29 91 2b 49 91 3c 89 91 35 c9 93 11 19 93 31 69 90 20 89 92 1b d9 91 41 c0 01 1c 30 90 41 a0 00 4a 99 94 49 a9 94 13 20 95 72 c0 01 51 99 94 85 e0 94
                                                                                                                                                                                                                                                                                      Data Ascii: H@8{HZ8Z8(h8Xx(0hxXx0)`9)i-P9I)pY &IHI)+I<51i A0AJI rQ
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC414INData Raw: 61 20 c0 51 f0 04 61 c0 be fb 5b c4 46 ec be ed 6b c4 2e cc bf 45 4c c4 fb 1b c0 4a 9c c4 fb ab bf 43 5c c4 48 7c c4 ef db c4 51 4c c4 35 ec c4 fb 7b c5 5b 2c c5 56 dc be 48 5c bf 5e 3c c6 52 ac bf fb 2b c1 59 fc be fa cb be 60 2c c4 5f ec be 30 60 02 57 10 03 bd 60 02 bd 00 03 31 40 04 7b dc 0b 57 b0 c7 7c 0c 03 57 60 02 78 6c 02 34 10 03 30 ff b0 c8 bd 40 04 34 00 03 79 ec c8 34 b0 bf 44 10 c8 77 4c 03 44 10 0c 26 c0 c7 44 50 c7 fb 3b c8 80 fc c8 7b 7c c7 9e 6c 02 7a ac c7 c1 10 03 86 ac c4 57 40 03 8f 8c c7 7b dc c7 57 d0 c9 8a 0c c9 57 70 cb 44 a0 c7 9e 1c c9 99 8c c7 31 10 c8 8a 9c c8 93 1c 03 93 bc bf c1 40 c8 7b ec c8 75 4c 04 be bc c7 88 ac c8 57 10 0c 95 ec c8 b9 1c 0c 89 9c c7 c1 90 cd 88 dc 0b d6 dc cd 26 90 cb c6 9c cd da 9c ca d6 6c 02 d2 9c
                                                                                                                                                                                                                                                                                      Data Ascii: a Qa[Fk.ELJC\H|QL5{[,VH\^<R+Y`,_0`W`1@{W|W`xl40@4y4DwLD&DP;{|lzW@{WWpD1@{uLW&l


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      85192.168.2.849871157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC581OUTGET /rsrc.php/v3/yR/r/PNStWZQ9T-1.js HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                      Referer: https://www.facebook.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1945INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: k+2RyC/jk5c91j6uD4Secw==
                                                                                                                                                                                                                                                                                      Expires: Thu, 02 Oct 2025 20:38:05 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: N44fWaMwLyMRoYATajUpcAQzjtPfRc4yz1bgk5eMHANZjZct5gTGQIBoV0+IroO0mznmJIj2qwNzJNVpBUpz+w==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:21 GMT
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=84, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=3, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 225285
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1INData Raw: 3b
                                                                                                                                                                                                                                                                                      Data Ascii: ;
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC15870INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 49 6d 70 6c 46 6f 72 42 6c 75 65 22 2c 5b 22 45 76 65 6e 74 22 2c 22 54 69 6d 65 53 6c 69 63 65 22 2c 22 65 6d 70 74 79 46 75 6e 63 74 69 6f 6e 22 2c 22 73 65 74 49 6d 6d 65 64 69 61 74 65 41 63 72 6f 73 73 54 72 61 6e 73 69 74 69 6f 6e 73 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 61 2c 62 2c 64 2c 65 29 7b 76 61 72 20 66 3d 63 28 22 54 69 6d 65 53 6c 69 63 65 22 29 2e 67 75 61 72 64 28 64 2c 22 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 20 63 61 70 74 75 72 65 20 22 2b 62 29 3b 69 66 28 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 29 7b 61 2e 61 64 64 45 76 65 6e 74 4c
                                                                                                                                                                                                                                                                                      Data Ascii: /*FB_PKG_DELIM*/__d("EventListenerImplForBlue",["Event","TimeSlice","emptyFunction","setImmediateAcrossTransitions"],(function(a,b,c,d,e,f,g){function h(a,b,d,e){var f=c("TimeSlice").guard(d,"EventListener capture "+b);if(a.addEventListener){a.addEventL
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC16384INData Raw: 2e 65 78 70 69 72 61 74 69 6f 6e 54 69 6d 65 3e 64 26 26 4a 28 29 29 3b 29 7b 76 61 72 20 67 3d 63 2e 63 61 6c 6c 62 61 63 6b 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 74 79 70 65 6f 66 20 67 29 7b 63 2e 63 61 6c 6c 62 61 63 6b 3d 6e 75 6c 6c 3b 77 3d 63 2e 70 72 69 6f 72 69 74 79 4c 65 76 65 6c 3b 67 3d 67 28 63 2e 65 78 70 69 72 61 74 69 6f 6e 54 69 6d 65 3c 3d 64 29 3b 64 3d 68 2e 75 6e 73 74 61 62 6c 65 5f 6e 6f 77 28 29 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 74 79 70 65 6f 66 20 67 29 7b 63 2e 63 61 6c 6c 62 61 63 6b 3d 67 3b 44 28 64 29 3b 65 3d 21 30 3b 62 72 65 61 6b 20 62 7d 63 3d 3d 3d 6d 28 73 29 26 26 6e 28 73 29 3b 44 28 64 29 7d 65 6c 73 65 20 6e 28 73 29 3b 63 3d 6d 28 73 29 7d 69 66 28 6e 75 6c 6c 21 3d 3d 63 29 65 3d
                                                                                                                                                                                                                                                                                      Data Ascii: .expirationTime>d&&J());){var g=c.callback;if("function"===typeof g){c.callback=null;w=c.priorityLevel;g=g(c.expirationTime<=d);d=h.unstable_now();if("function"===typeof g){c.callback=g;D(d);e=!0;break b}c===m(s)&&n(s);D(d)}else n(s);c=m(s)}if(null!==c)e=
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC16384INData Raw: 4b 62 5b 4c 62 5d 3d 6e 75 6c 6c 2c 4c 62 2d 2d 29 7d 66 75 6e 63 74 69 6f 6e 20 44 28 64 2c 65 29 7b 4c 62 2b 2b 2c 4b 62 5b 4c 62 5d 3d 64 2e 63 75 72 72 65 6e 74 2c 64 2e 63 75 72 72 65 6e 74 3d 65 7d 76 61 72 20 4d 62 3d 67 28 6e 75 6c 6c 29 2c 4e 62 3d 67 28 6e 75 6c 6c 29 2c 4f 62 3d 67 28 6e 75 6c 6c 29 2c 50 62 3d 67 28 6e 75 6c 6c 29 3b 66 75 6e 63 74 69 6f 6e 20 51 62 28 64 2c 65 29 7b 44 28 4f 62 2c 65 29 3b 44 28 4e 62 2c 64 29 3b 44 28 4d 62 2c 6e 75 6c 6c 29 3b 64 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 73 77 69 74 63 68 28 64 29 7b 63 61 73 65 20 39 3a 63 61 73 65 20 31 31 3a 65 3d 28 65 3d 65 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 29 3f 28 65 3d 65 2e 6e 61 6d 65 73 70 61 63 65 55 52 49 29 3f 6a 6e 28 65 29 3a 30 3a 30 3b 62 72 65 61
                                                                                                                                                                                                                                                                                      Data Ascii: Kb[Lb]=null,Lb--)}function D(d,e){Lb++,Kb[Lb]=d.current,d.current=e}var Mb=g(null),Nb=g(null),Ob=g(null),Pb=g(null);function Qb(d,e){D(Ob,e);D(Nb,d);D(Mb,null);d=e.nodeType;switch(d){case 9:case 11:e=(e=e.documentElement)?(e=e.namespaceURI)?jn(e):0:0;brea
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:22 UTC16384INData Raw: 3a 45 64 3d 45 64 2e 6e 65 78 74 3d 64 29 2c 47 64 3d 21 30 2c 46 64 7c 7c 28 46 64 3d 21 30 2c 50 64 28 4c 64 29 29 2c 74 7c 7c 4d 64 28 64 2c 66 62 28 29 29 7d 66 75 6e 63 74 69 6f 6e 20 4b 64 28 64 2c 65 29 7b 69 66 28 21 48 64 26 26 47 64 29 7b 48 64 3d 21 30 3b 64 6f 7b 76 61 72 20 66 3d 21 31 3b 66 6f 72 28 76 61 72 20 67 3d 44 64 3b 6e 75 6c 6c 21 3d 3d 67 3b 29 7b 69 66 28 21 65 7c 7c 21 7a 26 26 30 3d 3d 3d 67 2e 74 61 67 29 69 66 28 30 21 3d 3d 64 29 7b 76 61 72 20 68 3d 67 2e 70 65 6e 64 69 6e 67 4c 61 6e 65 73 3b 69 66 28 30 3d 3d 3d 68 29 76 61 72 20 69 3d 30 3b 65 6c 73 65 7b 76 61 72 20 6a 3d 67 2e 73 75 73 70 65 6e 64 65 64 4c 61 6e 65 73 2c 6b 3d 67 2e 70 69 6e 67 65 64 4c 61 6e 65 73 3b 69 3d 28 31 3c 3c 33 31 2d 73 62 28 34 32 7c 64 29
                                                                                                                                                                                                                                                                                      Data Ascii: :Ed=Ed.next=d),Gd=!0,Fd||(Fd=!0,Pd(Ld)),t||Md(d,fb())}function Kd(d,e){if(!Hd&&Gd){Hd=!0;do{var f=!1;for(var g=Dd;null!==g;){if(!e||!z&&0===g.tag)if(0!==d){var h=g.pendingLanes;if(0===h)var i=0;else{var j=g.suspendedLanes,k=g.pingedLanes;i=(1<<31-sb(42|d)
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:22 UTC1500INData Raw: 61 74 61 3a 77 3f 67 2e 64 61 74 61 3a 67 2e 64 61 74 61 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 64 29 7b 72 65 74 75 72 6e 20 64 2e 73 6c 69 63 65 28 29 7d 29 2c 69 6e 64 65 78 3a 30 7d 29 29 29 7d 6e 75 6c 6c 3d 3d 65 26 26 28 65 3d 7b 64 61 74 61 3a 5b 5d 2c 69 6e 64 65 78 3a 30 7d 29 3b 6e 75 6c 6c 3d 3d 3d 66 26 26 28 66 3d 65 66 28 29 2c 48 2e 75 70 64 61 74 65 51 75 65 75 65 3d 66 29 3b 66 2e 6d 65 6d 6f 43 61 63 68 65 3d 65 3b 66 3d 65 2e 64 61 74 61 5b 65 2e 69 6e 64 65 78 5d 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 66 29 66 6f 72 28 66 3d 65 2e 64 61 74 61 5b 65 2e 69 6e 64 65 78 5d 3d 41 72 72 61 79 28 64 29 2c 67 3d 30 3b 67 3c 64 3b 67 2b 2b 29 66 5b 67 5d 3d 47 61 3b 65 2e 69 6e 64 65 78 2b 2b 3b 72 65 74 75 72 6e 20 66 7d 66 75 6e 63 74 69
                                                                                                                                                                                                                                                                                      Data Ascii: ata:w?g.data:g.data.map(function(d){return d.slice()}),index:0})))}null==e&&(e={data:[],index:0});null===f&&(f=ef(),H.updateQueue=f);f.memoCache=e;f=e.data[e.index];if(void 0===f)for(f=e.data[e.index]=Array(d),g=0;g<d;g++)f[g]=Ga;e.index++;return f}functi
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:22 UTC14884INData Raw: 74 65 3d 69 7d 6e 75 6c 6c 3d 3d 3d 68 26 26 28 67 2e 6c 61 6e 65 73 3d 30 29 3b 72 65 74 75 72 6e 5b 65 2e 6d 65 6d 6f 69 7a 65 64 53 74 61 74 65 2c 67 2e 64 69 73 70 61 74 63 68 5d 7d 66 75 6e 63 74 69 6f 6e 20 6d 66 28 64 29 7b 76 61 72 20 65 3d 4c 28 29 2c 66 3d 65 2e 71 75 65 75 65 3b 69 66 28 6e 75 6c 6c 3d 3d 3d 66 29 74 68 72 6f 77 20 45 72 72 6f 72 28 6e 28 33 31 31 29 29 3b 66 2e 6c 61 73 74 52 65 6e 64 65 72 65 64 52 65 64 75 63 65 72 3d 64 3b 76 61 72 20 67 3d 66 2e 64 69 73 70 61 74 63 68 2c 68 3d 66 2e 70 65 6e 64 69 6e 67 2c 69 3d 65 2e 6d 65 6d 6f 69 7a 65 64 53 74 61 74 65 3b 69 66 28 6e 75 6c 6c 21 3d 3d 68 29 7b 66 2e 70 65 6e 64 69 6e 67 3d 6e 75 6c 6c 3b 76 61 72 20 6a 3d 68 3d 68 2e 6e 65 78 74 3b 64 6f 20 69 3d 64 28 69 2c 6a 2e 61
                                                                                                                                                                                                                                                                                      Data Ascii: te=i}null===h&&(g.lanes=0);return[e.memoizedState,g.dispatch]}function mf(d){var e=L(),f=e.queue;if(null===f)throw Error(n(311));f.lastRenderedReducer=d;var g=f.dispatch,h=f.pending,i=e.memoizedState;if(null!==h){f.pending=null;var j=h=h.next;do i=d(i,j.a
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:22 UTC16384INData Raw: 69 6e 64 6f 77 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 2e 45 72 72 6f 72 45 76 65 6e 74 29 7b 76 61 72 20 65 3d 6e 65 77 20 77 69 6e 64 6f 77 2e 45 72 72 6f 72 45 76 65 6e 74 28 22 65 72 72 6f 72 22 2c 7b 62 75 62 62 6c 65 73 3a 21 30 2c 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 2c 6d 65 73 73 61 67 65 3a 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 64 26 26 6e 75 6c 6c 21 3d 3d 64 26 26 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f 66 20 64 2e 6d 65 73 73 61 67 65 3f 53 74 72 69 6e 67 28 64 2e 6d 65 73 73 61 67 65 29 3a 53 74 72 69 6e 67 28 64 29 2c 65 72 72 6f 72 3a 64 7d 29 3b 69 66 28 21 77 69 6e 64 6f 77 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 65 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66
                                                                                                                                                                                                                                                                                      Data Ascii: indow&&"function"===typeof window.ErrorEvent){var e=new window.ErrorEvent("error",{bubbles:!0,cancelable:!0,message:"object"===typeof d&&null!==d&&"string"===typeof d.message?String(d.message):String(d),error:d});if(!window.dispatchEvent(e))return}else if
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:22 UTC16384INData Raw: 2c 67 29 3b 69 66 28 7a 7c 7c 30 21 3d 3d 28 66 2e 6d 6f 64 65 26 31 29 29 73 77 69 74 63 68 28 68 29 7b 63 61 73 65 22 66 6f 72 77 61 72 64 73 22 3a 65 3d 66 2e 63 68 69 6c 64 3b 66 6f 72 28 68 3d 6e 75 6c 6c 3b 6e 75 6c 6c 21 3d 3d 65 3b 29 64 3d 65 2e 61 6c 74 65 72 6e 61 74 65 2c 6e 75 6c 6c 21 3d 3d 64 26 26 6e 75 6c 6c 3d 3d 3d 4d 65 28 64 29 26 26 28 68 3d 65 29 2c 65 3d 65 2e 73 69 62 6c 69 6e 67 3b 65 3d 68 3b 6e 75 6c 6c 3d 3d 3d 65 3f 28 68 3d 66 2e 63 68 69 6c 64 2c 66 2e 63 68 69 6c 64 3d 6e 75 6c 6c 29 3a 28 68 3d 65 2e 73 69 62 6c 69 6e 67 2c 65 2e 73 69 62 6c 69 6e 67 3d 6e 75 6c 6c 29 3b 69 68 28 66 2c 21 31 2c 68 2c 65 2c 69 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 62 61 63 6b 77 61 72 64 73 22 3a 65 3d 6e 75 6c 6c 3b 68 3d 66 2e 63 68 69
                                                                                                                                                                                                                                                                                      Data Ascii: ,g);if(z||0!==(f.mode&1))switch(h){case"forwards":e=f.child;for(h=null;null!==e;)d=e.alternate,null!==d&&null===Me(d)&&(h=e),e=e.sibling;e=h;null===e?(h=f.child,f.child=null):(h=e.sibling,e.sibling=null);ih(f,!1,h,e,i);break;case"backwards":e=null;h=f.chi
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:22 UTC14884INData Raw: 65 65 46 6c 61 67 73 3d 30 3b 64 3d 65 3b 66 6f 72 28 65 3d 66 2e 63 68 69 6c 64 3b 6e 75 6c 6c 21 3d 3d 65 3b 29 4b 6b 28 65 2c 64 29 2c 65 3d 65 2e 73 69 62 6c 69 6e 67 3b 44 28 47 2c 47 2e 63 75 72 72 65 6e 74 26 31 7c 32 29 3b 72 65 74 75 72 6e 20 66 2e 63 68 69 6c 64 7d 64 3d 64 2e 73 69 62 6c 69 6e 67 7d 6e 75 6c 6c 21 3d 3d 68 2e 74 61 69 6c 26 26 66 62 28 29 3e 44 6a 26 26 28 66 2e 66 6c 61 67 73 7c 3d 31 32 38 2c 67 3d 21 30 2c 62 69 28 68 2c 21 31 29 2c 66 2e 6c 61 6e 65 73 3d 34 31 39 34 33 30 34 29 7d 65 6c 73 65 7b 69 66 28 21 67 29 69 66 28 64 3d 4d 65 28 69 29 2c 6e 75 6c 6c 21 3d 3d 64 29 7b 69 66 28 66 2e 66 6c 61 67 73 7c 3d 31 32 38 2c 67 3d 21 30 2c 64 3d 64 2e 75 70 64 61 74 65 51 75 65 75 65 2c 66 2e 75 70 64 61 74 65 51 75 65 75 65
                                                                                                                                                                                                                                                                                      Data Ascii: eeFlags=0;d=e;for(e=f.child;null!==e;)Kk(e,d),e=e.sibling;D(G,G.current&1|2);return f.child}d=d.sibling}null!==h.tail&&fb()>Dj&&(f.flags|=128,g=!0,bi(h,!1),f.lanes=4194304)}else{if(!g)if(d=Me(i),null!==d){if(f.flags|=128,g=!0,d=d.updateQueue,f.updateQueue


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      86192.168.2.849876157.240.26.27443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC647OUTGET /v/t39.30808-1/305658665_411128564497493_3948090867100769521_n.jpg?stp=cp0_dst-jpg_s50x50&_nc_cat=110&ccb=1-7&_nc_sid=6738e8&_nc_ohc=ILFttH4rPpYQ7kNvgEXQC67&_nc_ht=scontent-msp1-1.xx&edm=AEDRbFQEAAAA&_nc_gid=A4syIzp1y9Bx-a7cihdwta0&oh=00_AYA9WCkZOMo01cK7VhGgG8y9efecxW6MGJWI6xwYX39svg&oe=670A2166 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: scontent-msp1-1.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC580INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      x-additional-error-detail:
                                                                                                                                                                                                                                                                                      Last-Modified: Sat, 10 Sep 2022 00:32:13 GMT
                                                                                                                                                                                                                                                                                      X-Needle-Checksum: 945752733
                                                                                                                                                                                                                                                                                      Content-Type: image/jpeg
                                                                                                                                                                                                                                                                                      content-digest: adler32=3505093760
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=1209600, no-transform
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:21 GMT
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=30, rtx=0, c=14, mss=1392, tbw=3409, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 1280
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1INData Raw: ff
                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:21 UTC1279INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 36 61 30 31 30 30 30 30 63 36 30 31 30 30 30 30 33 61 30 32 30 30 30 30 36 30 30 32 30 30 30 30 39 61 30 32 30 30 30 30 32 62 30 33 30 30 30 30 61 61 30 33 30 30 30 30 65 30 30 33 30 30 30 30 30 62 30 34 30 30 30 30 34 32 30 34 30 30 30 30 30 30 30 35 30 30 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                                                                                                                                                                                                                                                      Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a6a010000c60100003a020000600200009a0200002b030000aa030000e00300000b0400004204000000050000C%# , #&')*)-0-(0%()(C(((((((((((((((


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      87192.168.2.849877157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:22 UTC375OUTGET /rsrc.php/v3/yw/r/UXtr_j2Fwe-.png HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:22 UTC1875INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Content-Type: image/png
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: 07aG/2AEtDHVAZ5LUajMDQ==
                                                                                                                                                                                                                                                                                      Expires: Sat, 04 Oct 2025 00:51:41 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: MTrtwApSXi/ng4nh2X6nxDzZSdqZX2A4vq9sG4SdT7xxfgzo+LEzO4TVxkfkF8kfydJ+wkuO+E//uFx+fdL19A==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:22 GMT
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=91, rtx=0, c=14, mss=1392, tbw=3409, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 573
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:22 UTC1INData Raw: 89
                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:22 UTC572INData Raw: 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0d 00 00 00 27 08 03 00 00 00 e3 02 32 1e 00 00 00 f0 50 4c 54 45 47 70 4c 57 5e 6d 67 6e 7d 64 6b 7a 65 6c 7b 63 6a 79 66 6d 7c 60 67 76 5c 63 72 5d 64 73 50 57 66 55 5c 6b 53 5a 69 56 5d 6c 51 58 67 51 58 67 62 69 78 50 57 66 59 60 6f 59 60 6f 52 59 68 50 57 66 55 5c 6b 67 6e 7d 57 5e 6d 67 6e 7d 51 58 67 64 6b 7a 60 67 76 5c 63 72 5d 64 73 55 5c 6b 5a 61 70 57 5e 6d 63 6a 79 51 58 67 96 96 96 3a 58 97 e9 ea ed 97 97 97 3d 5a 98 6a 71 80 ca ca cc a7 b3 cd b0 b0 b1 70 85 b2 68 6f 7e bf c0 c1 90 a0 c1 67 6e 7d 5f 66 75 a6 a6 a7 63 6a 79 5c 74 a8 d4 d4 d6 5b 62 71 65 6c 7b bc c4 d7 66 6d 7c 5e 65 74 58 5f 6e 60 67 76 a4 b1 cb c8 c9 cb 80 92 b9 b7 b8 b9 61 68 77 b5 b6 b7 a8 a8 a9 df df e2 c5 c5 c7 7c 8f
                                                                                                                                                                                                                                                                                      Data Ascii: PNGIHDR'2PLTEGpLW^mgn}dkzel{cjyfm|`gv\cr]dsPWfU\kSZiV]lQXgQXgbixPWfY`oY`oRYhPWfU\kgn}W^mgn}QXgdkz`gv\cr]dsU\kZapW^mcjyQXg:X=Zjqpho~gn}_fucjy\t[bqel{fm|^etX_n`gvahw|


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      88192.168.2.849880157.240.251.9443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC374OUTGET /rsrc.php/v3/yR/r/PNStWZQ9T-1.js HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: static.xx.fbcdn.net
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC1931INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                      Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                                                                                      content-md5: k+2RyC/jk5c91j6uD4Secw==
                                                                                                                                                                                                                                                                                      Expires: Thu, 02 Oct 2025 20:38:05 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                                                                                      report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      timing-allow-origin: *
                                                                                                                                                                                                                                                                                      document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                      permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                                                                                      cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      origin-agent-cluster: ?1
                                                                                                                                                                                                                                                                                      X-FB-Debug: N44fWaMwLyMRoYATajUpcAQzjtPfRc4yz1bgk5eMHANZjZct5gTGQIBoV0+IroO0mznmJIj2qwNzJNVpBUpz+w==
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:23 GMT
                                                                                                                                                                                                                                                                                      X-FB-Connection-Quality: GOOD; q=0.7, rtt=88, rtx=1, c=14, mss=1392, tbw=3409, tp=-1, tpl=-1, uplat=2, ullat=-1
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 225285
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC1INData Raw: 3b
                                                                                                                                                                                                                                                                                      Data Ascii: ;
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC15870INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 49 6d 70 6c 46 6f 72 42 6c 75 65 22 2c 5b 22 45 76 65 6e 74 22 2c 22 54 69 6d 65 53 6c 69 63 65 22 2c 22 65 6d 70 74 79 46 75 6e 63 74 69 6f 6e 22 2c 22 73 65 74 49 6d 6d 65 64 69 61 74 65 41 63 72 6f 73 73 54 72 61 6e 73 69 74 69 6f 6e 73 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 61 2c 62 2c 64 2c 65 29 7b 76 61 72 20 66 3d 63 28 22 54 69 6d 65 53 6c 69 63 65 22 29 2e 67 75 61 72 64 28 64 2c 22 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 20 63 61 70 74 75 72 65 20 22 2b 62 29 3b 69 66 28 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 29 7b 61 2e 61 64 64 45 76 65 6e 74 4c
                                                                                                                                                                                                                                                                                      Data Ascii: /*FB_PKG_DELIM*/__d("EventListenerImplForBlue",["Event","TimeSlice","emptyFunction","setImmediateAcrossTransitions"],(function(a,b,c,d,e,f,g){function h(a,b,d,e){var f=c("TimeSlice").guard(d,"EventListener capture "+b);if(a.addEventListener){a.addEventL
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC16384INData Raw: 2e 65 78 70 69 72 61 74 69 6f 6e 54 69 6d 65 3e 64 26 26 4a 28 29 29 3b 29 7b 76 61 72 20 67 3d 63 2e 63 61 6c 6c 62 61 63 6b 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 74 79 70 65 6f 66 20 67 29 7b 63 2e 63 61 6c 6c 62 61 63 6b 3d 6e 75 6c 6c 3b 77 3d 63 2e 70 72 69 6f 72 69 74 79 4c 65 76 65 6c 3b 67 3d 67 28 63 2e 65 78 70 69 72 61 74 69 6f 6e 54 69 6d 65 3c 3d 64 29 3b 64 3d 68 2e 75 6e 73 74 61 62 6c 65 5f 6e 6f 77 28 29 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 74 79 70 65 6f 66 20 67 29 7b 63 2e 63 61 6c 6c 62 61 63 6b 3d 67 3b 44 28 64 29 3b 65 3d 21 30 3b 62 72 65 61 6b 20 62 7d 63 3d 3d 3d 6d 28 73 29 26 26 6e 28 73 29 3b 44 28 64 29 7d 65 6c 73 65 20 6e 28 73 29 3b 63 3d 6d 28 73 29 7d 69 66 28 6e 75 6c 6c 21 3d 3d 63 29 65 3d
                                                                                                                                                                                                                                                                                      Data Ascii: .expirationTime>d&&J());){var g=c.callback;if("function"===typeof g){c.callback=null;w=c.priorityLevel;g=g(c.expirationTime<=d);d=h.unstable_now();if("function"===typeof g){c.callback=g;D(d);e=!0;break b}c===m(s)&&n(s);D(d)}else n(s);c=m(s)}if(null!==c)e=
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC16384INData Raw: 4b 62 5b 4c 62 5d 3d 6e 75 6c 6c 2c 4c 62 2d 2d 29 7d 66 75 6e 63 74 69 6f 6e 20 44 28 64 2c 65 29 7b 4c 62 2b 2b 2c 4b 62 5b 4c 62 5d 3d 64 2e 63 75 72 72 65 6e 74 2c 64 2e 63 75 72 72 65 6e 74 3d 65 7d 76 61 72 20 4d 62 3d 67 28 6e 75 6c 6c 29 2c 4e 62 3d 67 28 6e 75 6c 6c 29 2c 4f 62 3d 67 28 6e 75 6c 6c 29 2c 50 62 3d 67 28 6e 75 6c 6c 29 3b 66 75 6e 63 74 69 6f 6e 20 51 62 28 64 2c 65 29 7b 44 28 4f 62 2c 65 29 3b 44 28 4e 62 2c 64 29 3b 44 28 4d 62 2c 6e 75 6c 6c 29 3b 64 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 73 77 69 74 63 68 28 64 29 7b 63 61 73 65 20 39 3a 63 61 73 65 20 31 31 3a 65 3d 28 65 3d 65 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 29 3f 28 65 3d 65 2e 6e 61 6d 65 73 70 61 63 65 55 52 49 29 3f 6a 6e 28 65 29 3a 30 3a 30 3b 62 72 65 61
                                                                                                                                                                                                                                                                                      Data Ascii: Kb[Lb]=null,Lb--)}function D(d,e){Lb++,Kb[Lb]=d.current,d.current=e}var Mb=g(null),Nb=g(null),Ob=g(null),Pb=g(null);function Qb(d,e){D(Ob,e);D(Nb,d);D(Mb,null);d=e.nodeType;switch(d){case 9:case 11:e=(e=e.documentElement)?(e=e.namespaceURI)?jn(e):0:0;brea
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC16384INData Raw: 3a 45 64 3d 45 64 2e 6e 65 78 74 3d 64 29 2c 47 64 3d 21 30 2c 46 64 7c 7c 28 46 64 3d 21 30 2c 50 64 28 4c 64 29 29 2c 74 7c 7c 4d 64 28 64 2c 66 62 28 29 29 7d 66 75 6e 63 74 69 6f 6e 20 4b 64 28 64 2c 65 29 7b 69 66 28 21 48 64 26 26 47 64 29 7b 48 64 3d 21 30 3b 64 6f 7b 76 61 72 20 66 3d 21 31 3b 66 6f 72 28 76 61 72 20 67 3d 44 64 3b 6e 75 6c 6c 21 3d 3d 67 3b 29 7b 69 66 28 21 65 7c 7c 21 7a 26 26 30 3d 3d 3d 67 2e 74 61 67 29 69 66 28 30 21 3d 3d 64 29 7b 76 61 72 20 68 3d 67 2e 70 65 6e 64 69 6e 67 4c 61 6e 65 73 3b 69 66 28 30 3d 3d 3d 68 29 76 61 72 20 69 3d 30 3b 65 6c 73 65 7b 76 61 72 20 6a 3d 67 2e 73 75 73 70 65 6e 64 65 64 4c 61 6e 65 73 2c 6b 3d 67 2e 70 69 6e 67 65 64 4c 61 6e 65 73 3b 69 3d 28 31 3c 3c 33 31 2d 73 62 28 34 32 7c 64 29
                                                                                                                                                                                                                                                                                      Data Ascii: :Ed=Ed.next=d),Gd=!0,Fd||(Fd=!0,Pd(Ld)),t||Md(d,fb())}function Kd(d,e){if(!Hd&&Gd){Hd=!0;do{var f=!1;for(var g=Dd;null!==g;){if(!e||!z&&0===g.tag)if(0!==d){var h=g.pendingLanes;if(0===h)var i=0;else{var j=g.suspendedLanes,k=g.pingedLanes;i=(1<<31-sb(42|d)
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC1500INData Raw: 61 74 61 3a 77 3f 67 2e 64 61 74 61 3a 67 2e 64 61 74 61 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 64 29 7b 72 65 74 75 72 6e 20 64 2e 73 6c 69 63 65 28 29 7d 29 2c 69 6e 64 65 78 3a 30 7d 29 29 29 7d 6e 75 6c 6c 3d 3d 65 26 26 28 65 3d 7b 64 61 74 61 3a 5b 5d 2c 69 6e 64 65 78 3a 30 7d 29 3b 6e 75 6c 6c 3d 3d 3d 66 26 26 28 66 3d 65 66 28 29 2c 48 2e 75 70 64 61 74 65 51 75 65 75 65 3d 66 29 3b 66 2e 6d 65 6d 6f 43 61 63 68 65 3d 65 3b 66 3d 65 2e 64 61 74 61 5b 65 2e 69 6e 64 65 78 5d 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 66 29 66 6f 72 28 66 3d 65 2e 64 61 74 61 5b 65 2e 69 6e 64 65 78 5d 3d 41 72 72 61 79 28 64 29 2c 67 3d 30 3b 67 3c 64 3b 67 2b 2b 29 66 5b 67 5d 3d 47 61 3b 65 2e 69 6e 64 65 78 2b 2b 3b 72 65 74 75 72 6e 20 66 7d 66 75 6e 63 74 69
                                                                                                                                                                                                                                                                                      Data Ascii: ata:w?g.data:g.data.map(function(d){return d.slice()}),index:0})))}null==e&&(e={data:[],index:0});null===f&&(f=ef(),H.updateQueue=f);f.memoCache=e;f=e.data[e.index];if(void 0===f)for(f=e.data[e.index]=Array(d),g=0;g<d;g++)f[g]=Ga;e.index++;return f}functi
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC14884INData Raw: 74 65 3d 69 7d 6e 75 6c 6c 3d 3d 3d 68 26 26 28 67 2e 6c 61 6e 65 73 3d 30 29 3b 72 65 74 75 72 6e 5b 65 2e 6d 65 6d 6f 69 7a 65 64 53 74 61 74 65 2c 67 2e 64 69 73 70 61 74 63 68 5d 7d 66 75 6e 63 74 69 6f 6e 20 6d 66 28 64 29 7b 76 61 72 20 65 3d 4c 28 29 2c 66 3d 65 2e 71 75 65 75 65 3b 69 66 28 6e 75 6c 6c 3d 3d 3d 66 29 74 68 72 6f 77 20 45 72 72 6f 72 28 6e 28 33 31 31 29 29 3b 66 2e 6c 61 73 74 52 65 6e 64 65 72 65 64 52 65 64 75 63 65 72 3d 64 3b 76 61 72 20 67 3d 66 2e 64 69 73 70 61 74 63 68 2c 68 3d 66 2e 70 65 6e 64 69 6e 67 2c 69 3d 65 2e 6d 65 6d 6f 69 7a 65 64 53 74 61 74 65 3b 69 66 28 6e 75 6c 6c 21 3d 3d 68 29 7b 66 2e 70 65 6e 64 69 6e 67 3d 6e 75 6c 6c 3b 76 61 72 20 6a 3d 68 3d 68 2e 6e 65 78 74 3b 64 6f 20 69 3d 64 28 69 2c 6a 2e 61
                                                                                                                                                                                                                                                                                      Data Ascii: te=i}null===h&&(g.lanes=0);return[e.memoizedState,g.dispatch]}function mf(d){var e=L(),f=e.queue;if(null===f)throw Error(n(311));f.lastRenderedReducer=d;var g=f.dispatch,h=f.pending,i=e.memoizedState;if(null!==h){f.pending=null;var j=h=h.next;do i=d(i,j.a
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC16384INData Raw: 69 6e 64 6f 77 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 2e 45 72 72 6f 72 45 76 65 6e 74 29 7b 76 61 72 20 65 3d 6e 65 77 20 77 69 6e 64 6f 77 2e 45 72 72 6f 72 45 76 65 6e 74 28 22 65 72 72 6f 72 22 2c 7b 62 75 62 62 6c 65 73 3a 21 30 2c 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 2c 6d 65 73 73 61 67 65 3a 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 64 26 26 6e 75 6c 6c 21 3d 3d 64 26 26 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f 66 20 64 2e 6d 65 73 73 61 67 65 3f 53 74 72 69 6e 67 28 64 2e 6d 65 73 73 61 67 65 29 3a 53 74 72 69 6e 67 28 64 29 2c 65 72 72 6f 72 3a 64 7d 29 3b 69 66 28 21 77 69 6e 64 6f 77 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 65 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66
                                                                                                                                                                                                                                                                                      Data Ascii: indow&&"function"===typeof window.ErrorEvent){var e=new window.ErrorEvent("error",{bubbles:!0,cancelable:!0,message:"object"===typeof d&&null!==d&&"string"===typeof d.message?String(d.message):String(d),error:d});if(!window.dispatchEvent(e))return}else if
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC16384INData Raw: 2c 67 29 3b 69 66 28 7a 7c 7c 30 21 3d 3d 28 66 2e 6d 6f 64 65 26 31 29 29 73 77 69 74 63 68 28 68 29 7b 63 61 73 65 22 66 6f 72 77 61 72 64 73 22 3a 65 3d 66 2e 63 68 69 6c 64 3b 66 6f 72 28 68 3d 6e 75 6c 6c 3b 6e 75 6c 6c 21 3d 3d 65 3b 29 64 3d 65 2e 61 6c 74 65 72 6e 61 74 65 2c 6e 75 6c 6c 21 3d 3d 64 26 26 6e 75 6c 6c 3d 3d 3d 4d 65 28 64 29 26 26 28 68 3d 65 29 2c 65 3d 65 2e 73 69 62 6c 69 6e 67 3b 65 3d 68 3b 6e 75 6c 6c 3d 3d 3d 65 3f 28 68 3d 66 2e 63 68 69 6c 64 2c 66 2e 63 68 69 6c 64 3d 6e 75 6c 6c 29 3a 28 68 3d 65 2e 73 69 62 6c 69 6e 67 2c 65 2e 73 69 62 6c 69 6e 67 3d 6e 75 6c 6c 29 3b 69 68 28 66 2c 21 31 2c 68 2c 65 2c 69 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 62 61 63 6b 77 61 72 64 73 22 3a 65 3d 6e 75 6c 6c 3b 68 3d 66 2e 63 68 69
                                                                                                                                                                                                                                                                                      Data Ascii: ,g);if(z||0!==(f.mode&1))switch(h){case"forwards":e=f.child;for(h=null;null!==e;)d=e.alternate,null!==d&&null===Me(d)&&(h=e),e=e.sibling;e=h;null===e?(h=f.child,f.child=null):(h=e.sibling,e.sibling=null);ih(f,!1,h,e,i);break;case"backwards":e=null;h=f.chi
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC14884INData Raw: 65 65 46 6c 61 67 73 3d 30 3b 64 3d 65 3b 66 6f 72 28 65 3d 66 2e 63 68 69 6c 64 3b 6e 75 6c 6c 21 3d 3d 65 3b 29 4b 6b 28 65 2c 64 29 2c 65 3d 65 2e 73 69 62 6c 69 6e 67 3b 44 28 47 2c 47 2e 63 75 72 72 65 6e 74 26 31 7c 32 29 3b 72 65 74 75 72 6e 20 66 2e 63 68 69 6c 64 7d 64 3d 64 2e 73 69 62 6c 69 6e 67 7d 6e 75 6c 6c 21 3d 3d 68 2e 74 61 69 6c 26 26 66 62 28 29 3e 44 6a 26 26 28 66 2e 66 6c 61 67 73 7c 3d 31 32 38 2c 67 3d 21 30 2c 62 69 28 68 2c 21 31 29 2c 66 2e 6c 61 6e 65 73 3d 34 31 39 34 33 30 34 29 7d 65 6c 73 65 7b 69 66 28 21 67 29 69 66 28 64 3d 4d 65 28 69 29 2c 6e 75 6c 6c 21 3d 3d 64 29 7b 69 66 28 66 2e 66 6c 61 67 73 7c 3d 31 32 38 2c 67 3d 21 30 2c 64 3d 64 2e 75 70 64 61 74 65 51 75 65 75 65 2c 66 2e 75 70 64 61 74 65 51 75 65 75 65
                                                                                                                                                                                                                                                                                      Data Ascii: eeFlags=0;d=e;for(e=f.child;null!==e;)Kk(e,d),e=e.sibling;D(G,G.current&1|2);return f.child}d=d.sibling}null!==h.tail&&fb()>Dj&&(f.flags|=128,g=!0,bi(h,!1),f.lanes=4194304)}else{if(!g)if(d=Me(i),null!==d){if(f.flags|=128,g=!0,d=d.updateQueue,f.updateQueue


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      89192.168.2.849881104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC936OUTPOST /cdn-cgi/rum? HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Content-Length: 1608
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      content-type: application/json
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Origin: https://www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878; _ga=GA1.1.2068184034.1728340878; _ga_DM0MT881VN=GS1.1.1728340877.1.0.1728340878.0.0.0
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC1608OUTData Raw: 7b 22 6d 65 6d 6f 72 79 22 3a 7b 22 74 6f 74 61 6c 4a 53 48 65 61 70 53 69 7a 65 22 3a 31 30 32 36 34 31 34 30 2c 22 75 73 65 64 4a 53 48 65 61 70 53 69 7a 65 22 3a 35 37 36 37 31 34 34 2c 22 6a 73 48 65 61 70 53 69 7a 65 4c 69 6d 69 74 22 3a 32 31 37 32 36 34 39 34 37 32 7d 2c 22 72 65 73 6f 75 72 63 65 73 22 3a 5b 5d 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 65 76 65 6e 74 54 79 70 65 22 3a 31 2c 22 66 69 72 73 74 50 61 69 6e 74 22 3a 37 35 39 32 2e 38 39 39 39 39 39 39 39 39 39 39 34 2c 22 66 69 72 73 74 43 6f 6e 74 65 6e 74 66 75 6c 50 61 69 6e 74 22 3a 37 35 39 32 2e 38 39 39 39 39 39 39 39 39 39 39 34 2c 22 73 74 61 72 74 54 69 6d 65 22 3a 31 37 32 38 33 34 30 38 36 39 31 34 33 2e 32 2c 22 76 65 72 73 69 6f 6e 73 22 3a 7b 22 66 6c 22 3a 22 32
                                                                                                                                                                                                                                                                                      Data Ascii: {"memory":{"totalJSHeapSize":10264140,"usedJSHeapSize":5767144,"jsHeapSizeLimit":2172649472},"resources":[],"referrer":"","eventType":1,"firstPaint":7592.899999999994,"firstContentfulPaint":7592.899999999994,"startTime":1728340869143.2,"versions":{"fl":"2
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC383INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:23 GMT
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      access-control-allow-origin: https://www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      access-control-allow-methods: POST,OPTIONS
                                                                                                                                                                                                                                                                                      access-control-max-age: 86400
                                                                                                                                                                                                                                                                                      vary: Origin
                                                                                                                                                                                                                                                                                      access-control-allow-credentials: true
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165f83d0a15d7-EWR
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      90192.168.2.849882104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC920OUTGET /sites/default/files/favicon.ico HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878; _ga=GA1.1.2068184034.1728340878; _ga_DM0MT881VN=GS1.1.1728340877.1.0.1728340878.0.0.0
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC689INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:23 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/x-icon
                                                                                                                                                                                                                                                                                      Content-Length: 1150
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 10 Jul 2013 13:26:46 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:42:11 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338352
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kYGHOi7ibSxOstNz6V%2FPZ18wdfiH56ieYMwSq1b3lRPUxhRFPSUHw5GJvynvjjI9GFHRScYjFoM4XrPqJKfcGEziOq4ADi0SdqxmwckStaTjVhvWVlgADgID4G0r2sYIh6lOtHXOtQs3AgETKg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165f87c4e7d02-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC680INData Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6b 6b 6d 01 6a 6b 6e 01 00 00 00 00 71 6a 65 1b 6a 71 78 71 59 75 91 b1 4f 76 9f cc 4f 76 9f cc 59 75 91 b1 6a 71 78 71 71 6a 65 1b 00 00 00 00 6a 6b 6e 01 6b 6b 6d 01 00 00 00 00 6b 6b 6d 01 6a 6b 6e 02 00 00 00 00 6c 6f 72 63 45 77 aa dc 1d 72 d0 ff 0a 6a d8 ff 04 66 d9 ff 04 66 d9 ff 0a 6a d8 ff 1d 72 d0 ff 45 77 aa dc 6c 6f 72 63 00 00 00 00 6a 6b 6e 02 6b 6b 6d 01 6b 6b 6e 02 00 00 00 00 68 71 7a 85 28 78 ce ff 00 65 e2 ff 00 5a d8 fe 00 5b d6 fd 00 5f d6 fe 00 60 d6 fe 00 5b d6 fd 00 5a d8 fe 00 65 e2 ff 28 78 ce ff 68 71 7a 85 00 00 00 00 6b 6b 6e 02 00
                                                                                                                                                                                                                                                                                      Data Ascii: h( kkmjknqjejqxqYuOvOvYujqxqqjejknkkmkkmjknlorcEwrjffjrEwlorcjknkkmkknhqz(xeZ[_`[Ze(xhqzkkn
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:23 UTC470INData Raw: 89 ff 7a b9 c9 ff 4f b0 ff ff 4b a1 f9 fd 51 aa fd fe 91 a8 bb b7 c0 c5 c8 77 6f b4 f0 ff 5e af fd fe 60 ba ff ff 89 c4 d1 ff a4 a1 9e ff a3 aa a6 ff 77 d0 f2 ff 73 d1 f7 ff a2 ac a8 ff a4 a0 9e ff 89 c4 d2 ff 60 ba ff ff 5e af fd fe 6f b4 f0 ff c1 c5 c8 77 ea e5 e1 1d 99 ba d4 e6 76 c1 ff fe 74 c3 fe fd 9a cc d8 ff b8 b2 ad ff b6 b9 b3 ff 87 ce ee ff 84 cf f2 ff b4 ba b4 ff b9 b2 ac ff 9a cc d8 ff 74 c3 fe fd 76 c1 ff fe 99 ba d4 e6 ea e5 e1 1d 00 00 00 00 ce cf d0 6c 97 c7 ec ff 8a ce ff fb 95 d2 f2 fe a1 d8 e8 ff 9f d7 ea ff 8f d0 f9 ff 8e cf fa ff 9f d7 ea ff a1 d8 e8 ff 95 d2 f2 fe 8a ce ff fb 97 c7 ec ff ce cf d0 6c 00 00 00 00 ff ff ff 02 00 00 00 00 c8 cc d0 96 a9 d2 ef ff 9e d8 ff ff 9a d6 ff fc 9a d5 ff fd 9c d3 fd fe 9d d2 fd fe 9a d5 ff fd 9a
                                                                                                                                                                                                                                                                                      Data Ascii: zOKQwo^`ws`^owvttvll


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      91192.168.2.849884104.21.11.4443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:24 UTC648OUTGET /sites/default/files/favicon.ico HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.highmotionsoftware.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      Cookie: __utma=1.319632712.1728340878.1728340878.1728340878.1; __utmc=1; __utmz=1.1728340878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=1.1.10.1728340878; _ga=GA1.1.2068184034.1728340878; _ga_DM0MT881VN=GS1.1.1728340877.1.0.1728340878.0.0.0
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:24 UTC701INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:24 GMT
                                                                                                                                                                                                                                                                                      Content-Type: image/x-icon
                                                                                                                                                                                                                                                                                      Content-Length: 1150
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      last-modified: Wed, 10 Jul 2013 13:26:46 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                      expires: Sun, 03 Nov 2024 00:42:11 GMT
                                                                                                                                                                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                      Age: 338353
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g9w07bjeylpCIqBah%2Be5BUG%2FoxE6Cd4PKWONAYrJT2SR8%2FkytToy9AMlM7J6DBLUJzDm9%2FZZNuE0ZxbFeG0sdwl4%2FhRsPLGmAGOESY%2Bczedm2gt39QBFLJSLUl9vgVIaO%2FgqN8RIO1tYRiv4nQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8cf165fee96a9e16-EWR
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:24 UTC668INData Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6b 6b 6d 01 6a 6b 6e 01 00 00 00 00 71 6a 65 1b 6a 71 78 71 59 75 91 b1 4f 76 9f cc 4f 76 9f cc 59 75 91 b1 6a 71 78 71 71 6a 65 1b 00 00 00 00 6a 6b 6e 01 6b 6b 6d 01 00 00 00 00 6b 6b 6d 01 6a 6b 6e 02 00 00 00 00 6c 6f 72 63 45 77 aa dc 1d 72 d0 ff 0a 6a d8 ff 04 66 d9 ff 04 66 d9 ff 0a 6a d8 ff 1d 72 d0 ff 45 77 aa dc 6c 6f 72 63 00 00 00 00 6a 6b 6e 02 6b 6b 6d 01 6b 6b 6e 02 00 00 00 00 68 71 7a 85 28 78 ce ff 00 65 e2 ff 00 5a d8 fe 00 5b d6 fd 00 5f d6 fe 00 60 d6 fe 00 5b d6 fd 00 5a d8 fe 00 65 e2 ff 28 78 ce ff 68 71 7a 85 00 00 00 00 6b 6b 6e 02 00
                                                                                                                                                                                                                                                                                      Data Ascii: h( kkmjknqjejqxqYuOvOvYujqxqqjejknkkmkkmjknlorcEwrjffjrEwlorcjknkkmkknhqz(xeZ[_`[Ze(xhqzkkn
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:24 UTC482INData Raw: c8 ff 78 c4 cb ff 8c 94 92 ff 91 8d 89 ff 7a b9 c9 ff 4f b0 ff ff 4b a1 f9 fd 51 aa fd fe 91 a8 bb b7 c0 c5 c8 77 6f b4 f0 ff 5e af fd fe 60 ba ff ff 89 c4 d1 ff a4 a1 9e ff a3 aa a6 ff 77 d0 f2 ff 73 d1 f7 ff a2 ac a8 ff a4 a0 9e ff 89 c4 d2 ff 60 ba ff ff 5e af fd fe 6f b4 f0 ff c1 c5 c8 77 ea e5 e1 1d 99 ba d4 e6 76 c1 ff fe 74 c3 fe fd 9a cc d8 ff b8 b2 ad ff b6 b9 b3 ff 87 ce ee ff 84 cf f2 ff b4 ba b4 ff b9 b2 ac ff 9a cc d8 ff 74 c3 fe fd 76 c1 ff fe 99 ba d4 e6 ea e5 e1 1d 00 00 00 00 ce cf d0 6c 97 c7 ec ff 8a ce ff fb 95 d2 f2 fe a1 d8 e8 ff 9f d7 ea ff 8f d0 f9 ff 8e cf fa ff 9f d7 ea ff a1 d8 e8 ff 95 d2 f2 fe 8a ce ff fb 97 c7 ec ff ce cf d0 6c 00 00 00 00 ff ff ff 02 00 00 00 00 c8 cc d0 96 a9 d2 ef ff 9e d8 ff ff 9a d6 ff fc 9a d5 ff fd 9c
                                                                                                                                                                                                                                                                                      Data Ascii: xzOKQwo^`ws`^owvttvll


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      92192.168.2.849885172.202.163.200443
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:50 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cL3SfTB3m4YLydf&MD=8HgmYluO HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                                                                                                      Host: slscr.update.microsoft.com
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:50 UTC560INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                      Expires: -1
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                                                                                                      ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                                                                                                                                                                                      MS-CorrelationId: cbf97f08-d3f8-42f9-9bf5-e922f25760f7
                                                                                                                                                                                                                                                                                      MS-RequestId: a15f0c53-209e-48bf-b670-811ed6c386cc
                                                                                                                                                                                                                                                                                      MS-CV: FAzgsFk1nEygRNWB.0
                                                                                                                                                                                                                                                                                      X-Microsoft-SLSClientCache: 1440
                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      Date: Mon, 07 Oct 2024 22:41:49 GMT
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 30005
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:50 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                                                                                                                                                                                                                                                                      Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                                                                                                                                                                                                                                                      2024-10-07 22:41:50 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                                                                                                                                                                                                                                                                      Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      93192.168.2.849893157.240.253.35443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:43:51 UTC1145OUTPOST /ajax/bz?__a=1&__ccg=GOOD&__dyn=7wKxa13wt8K2Wmh0Sw8W5U4e0yoW1DwfG1-wd-4o3Bw5VCwjE3awbG0MU2aw7Bx61vw5zw78w5Uw64w8W1uwc-0pa0h-0Lo6-0uS0ue0QU&__hs=20003.BP%3Aplugin_default_pkg.2.0..0.0&__hsi=7423167547787923565&__req=1&__rev=1017120959&__s=%3A%3Akwak1i&__sp=1&__user=0&dpr=1&jazoest=21864&lsd=zEMCM_Ae440ReJt2zgxGVr HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.facebook.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Content-Length: 1324
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----WebKitFormBoundarymgduv0DA2xWRdoky
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Origin: https://www.facebook.com
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Referer: https://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2FImBatch&width=550&height=290&show_faces=true&colorscheme=light&stream=false&border_color&header=true&appId=254901247880888
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:43:51 UTC1324OUTData Raw: 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 6d 67 64 75 76 30 44 41 32 78 57 52 64 6f 6b 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 73 22 0d 0a 0d 0a 31 37 32 38 33 34 31 30 32 39 36 31 34 0d 0a 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 6d 67 64 75 76 30 44 41 32 78 57 52 64 6f 6b 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 71 22 0d 0a 0d 0a 5b 7b 22 61 70 70 5f 69 64 22 3a 22 32 35 36 32 38 31 30 34 30 35 35 38 22 2c 22 70 6f 73 74 73 22 3a 22 6f 67 6a 77 65 31 74 62 49 6d 5a 68 62 47 4e 76 4f 6d 4a 79 62 33 64 7a 5a 58 4a 66 63 47 56 79
                                                                                                                                                                                                                                                                                      Data Ascii: ------WebKitFormBoundarymgduv0DA2xWRdokyContent-Disposition: form-data; name="ts"1728341029614------WebKitFormBoundarymgduv0DA2xWRdokyContent-Disposition: form-data; name="q"[{"app_id":"256281040558","posts":"ogjwe1tbImZhbGNvOmJyb3dzZXJfcGVy
                                                                                                                                                                                                                                                                                      2024-10-07 22:43:51 UTC747INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7423168206074247772", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7423168206074247772"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      2024-10-07 22:43:51 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                                                                                                                                                                                                                                                      Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                                                                                                                                                                                                                                                      2024-10-07 22:43:51 UTC1924INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 62 72 6f 77 73 69 6e 67 2d 74 6f 70 69 63 73 3d 28 73 65 6c 66 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63
                                                                                                                                                                                                                                                                                      Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), c


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      94192.168.2.849894157.240.251.35443352C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-10-07 22:43:52 UTC652OUTGET /ajax/bz?__a=1&__ccg=GOOD&__dyn=7wKxa13wt8K2Wmh0Sw8W5U4e0yoW1DwfG1-wd-4o3Bw5VCwjE3awbG0MU2aw7Bx61vw5zw78w5Uw64w8W1uwc-0pa0h-0Lo6-0uS0ue0QU&__hs=20003.BP%3Aplugin_default_pkg.2.0..0.0&__hsi=7423167547787923565&__req=1&__rev=1017120959&__s=%3A%3Akwak1i&__sp=1&__user=0&dpr=1&jazoest=21864&lsd=zEMCM_Ae440ReJt2zgxGVr HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.facebook.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                      2024-10-07 22:43:53 UTC747INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7423168215048248215", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                      report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7423168215048248215"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                      2024-10-07 22:43:53 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                                                                                                                                                                                                                                                      Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                                                                                                                                                                                                                                                      2024-10-07 22:43:53 UTC1706INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 62 72 6f 77 73 69 6e 67 2d 74 6f 70 69 63 73 3d 28 73 65 6c 66 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63
                                                                                                                                                                                                                                                                                      Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), c


                                                                                                                                                                                                                                                                                      Statistics

                                                                                                                                                                                                                                                                                      CPU Usage

                                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                                      Memory Usage

                                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                                                                                                                                      Behavior

                                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                                      System Behavior

                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                                                      Start time:18:40:49
                                                                                                                                                                                                                                                                                      Start date:07/10/2024
                                                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe"
                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                      File size:25'216'120 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:34C8E1D5DE3565D30012425D880AB514
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                                                                                                      Start time:18:40:49
                                                                                                                                                                                                                                                                                      Start date:07/10/2024
                                                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\is-1DOA7.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.tmp" /SL5="$1040C,24100606,908800,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.12164.3161.exe"
                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                      File size:3'241'984 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:622B58CAEE5DCD88A475F7431D706D7B
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                                                                                                      Start time:18:41:03
                                                                                                                                                                                                                                                                                      Start date:07/10/2024
                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\ImBatch\ImBatch.exe"
                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                      File size:7'767'944 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:A2E5679917DE0C043AED253E90F1E6A0
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_a7da40b7, Description: unknown, Source: 00000004.00000002.3980690776.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_a7da40b7, Description: unknown, Source: 00000004.00000002.3980029463.00000000020F8000.00000040.00000001.01000000.00000007.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_d4b38e13, Description: unknown, Source: 00000004.00000002.3980029463.00000000020F8000.00000040.00000001.01000000.00000007.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                                                                                                      Start time:18:41:06
                                                                                                                                                                                                                                                                                      Start date:07/10/2024
                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.highmotionsoftware.com/products/imbatch/thankyou
                                                                                                                                                                                                                                                                                      Imagebase:0x7ff678760000
                                                                                                                                                                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                                                                                                      Start time:18:41:08
                                                                                                                                                                                                                                                                                      Start date:07/10/2024
                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2436,i,14634067751005810082,15773404869222309641,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                                      Imagebase:0x7ff678760000
                                                                                                                                                                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                      Disassembly

                                                                                                                                                                                                                                                                                      Reset < >

                                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                                        Execution Coverage:1.8%
                                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:86.3%
                                                                                                                                                                                                                                                                                        Signature Coverage:15%
                                                                                                                                                                                                                                                                                        Total number of Nodes:815
                                                                                                                                                                                                                                                                                        Total number of Limit Nodes:79
                                                                                                                                                                                                                                                                                        execution_graph 68612 6c63a3a3 68613 6c63a3e1 dllmain_crt_process_detach 68612->68613 68614 6c63a3ae 68612->68614 68616 6c63a3b3 68613->68616 68615 6c63a3d3 dllmain_crt_process_attach 68614->68615 68614->68616 68615->68616 69544 6c63a6c3 69545 6c63a6d1 dllmain_dispatch 69544->69545 69546 6c63a6cc ___security_init_cookie 69544->69546 69546->69545 68617 5899548 68618 5899553 68617->68618 68623 5899094 68618->68623 68621 5899094 6 API calls 68622 58995f6 68621->68622 68624 58990a9 68623->68624 68626 58990e4 68624->68626 68627 5896c54 68624->68627 68626->68621 68630 5896cec 68627->68630 68631 5896cf6 68630->68631 68634 589749c 68631->68634 68632 5896c61 68632->68626 68635 58974aa 68634->68635 68636 58974a6 68634->68636 68637 58974ba 68635->68637 68638 58974b1 68635->68638 68636->68632 68643 58974c4 68637->68643 68651 5897460 VirtualAlloc 68638->68651 68641 58974b7 68641->68632 68644 58974d7 68643->68644 68648 58974c0 68643->68648 68646 58974f9 68644->68646 68652 5896f74 68644->68652 68647 5896f74 5 API calls 68646->68647 68646->68648 68649 5897686 68647->68649 68648->68632 68649->68648 68650 58974c4 5 API calls 68649->68650 68650->68648 68651->68641 68653 5896f9a 68652->68653 68656 5896f9f 68652->68656 68681 589769c GlobalMemoryStatus 68653->68681 68655 58970da 68682 5896aa0 68655->68682 68656->68655 68658 5896fdd 68656->68658 68686 5896b34 68658->68686 68661 58971fb 68667 5896b34 2 API calls 68661->68667 68663 589708f 68666 5896b34 2 API calls 68663->68666 68664 5897074 68692 5896e88 VirtualFree VirtualFree 68664->68692 68668 589709d 68666->68668 68670 5897205 68667->68670 68672 5897085 68668->68672 68693 5896e88 VirtualFree VirtualFree 68668->68693 68669 5897173 68671 589719c 68669->68671 68675 5896b34 2 API calls 68669->68675 68670->68672 68696 5896b98 VirtualFree 68670->68696 68673 5896b34 2 API calls 68671->68673 68672->68646 68677 58971b5 68673->68677 68678 5897188 68675->68678 68677->68672 68695 5896e88 VirtualFree VirtualFree 68677->68695 68678->68672 68694 5896e88 VirtualFree VirtualFree 68678->68694 68681->68656 68683 5896ab0 68682->68683 68684 5896ad6 VirtualAlloc 68682->68684 68683->68684 68685 5896afb 68684->68685 68685->68661 68685->68669 68685->68672 68687 5896b41 VirtualAlloc 68686->68687 68688 5896b62 68686->68688 68689 5896b57 68687->68689 68690 5896b66 68687->68690 68688->68663 68688->68664 68697 5896b80 VirtualFree 68689->68697 68690->68687 68690->68688 68692->68672 68693->68672 68694->68671 68695->68672 68696->68672 68697->68688 68698 6c644ea5 68701 6c64aa80 68698->68701 68700 6c644eb4 68703 6c64aa99 68701->68703 68704 6c64aa9d 68701->68704 68702 6c64aaa7 jpeg_mem_term 68702->68704 68703->68700 68704->68702 68705 6c64aabd 68704->68705 68705->68703 68706 6c64aad9 jpeg_mem_term 68705->68706 68706->68705 69547 6c63a500 69549 6c63a50c __fread_nolock 69547->69549 69548 6c63a515 69549->69548 69550 6c63a58a ___scrt_fastfail 69549->69550 69551 6c63a534 69549->69551 69554 6c63a592 __fread_nolock 69550->69554 69564 6c63ac03 jpeg_mem_term 69551->69564 69553 6c63a5c7 dllmain_raw 69555 6c63a5e1 dllmain_crt_dispatch 69553->69555 69563 6c63a5ad 69553->69563 69554->69553 69560 6c63a5c2 69554->69560 69554->69563 69555->69560 69555->69563 69556 6c63a543 69557 6c63a556 ___scrt_uninitialize_crt 69556->69557 69557->69548 69558 6c63a62e 69559 6c63a637 dllmain_crt_dispatch 69558->69559 69558->69563 69561 6c63a64a dllmain_raw 69559->69561 69559->69563 69560->69558 69562 6c63a61a dllmain_crt_dispatch dllmain_raw 69560->69562 69561->69563 69562->69558 69564->69556 68707 58910cd 68708 58910d9 GetVersion 68707->68708 68710 58910fd 68707->68710 68709 58910ea 68708->68709 68733 589b70c 15 API calls 68709->68733 68721 5898ba0 68710->68721 68713 589112d 68716 589c230 2 API calls 68713->68716 68717 5891153 68713->68717 68714 58910f5 68719 589118c 68714->68719 68715 58911ac 68716->68717 68717->68719 68727 589c230 68717->68727 68719->68715 68734 5891280 GetProcessHeap HeapFree TlsFree TlsGetValue 68719->68734 68722 5898bc3 68721->68722 68723 5898bb6 68721->68723 68735 589129a 68722->68735 68723->68722 68747 5898bec GetProcessHeap HeapAlloc TlsAlloc TlsGetValue TlsSetValue 68723->68747 68726 5898bd2 68726->68713 68728 589c24e 68727->68728 68730 589c279 68727->68730 68729 589c25d GetEnvironmentStrings 68728->68729 68728->68730 68729->68730 68731 589c2e3 FreeEnvironmentStringsA 68730->68731 68732 589c2f6 68730->68732 68731->68732 68732->68719 68733->68714 68734->68715 68736 58912a8 68735->68736 68737 58912a3 68735->68737 68749 589c448 TlsGetValue 68736->68749 68748 589c430 TlsAlloc 68737->68748 68740 58912b8 68741 58912bd 68740->68741 68742 58912bc 68740->68742 68750 58911cf GetProcessHeap HeapAlloc TlsSetValue 68741->68750 68742->68726 68744 58912c2 68751 589c448 TlsGetValue 68744->68751 68746 58912cd 68746->68726 68747->68722 68748->68736 68749->68740 68750->68744 68751->68746 68752 f0a308c 68753 f0a30f0 68752->68753 68754 f0a30a0 GetWindowLongW 68752->68754 68755 f0a30f9 GetWindowLongW 68753->68755 68762 f0a318a 68753->68762 68756 f0a30de SetWindowLongW 68754->68756 68757 f0a30b4 68754->68757 68758 f0a3108 68755->68758 68759 f0a3134 SetWindowLongW 68755->68759 68756->68762 68780 f0a2cc0 18 API calls 68757->68780 68758->68759 68761 f0a3149 68759->68761 68759->68762 68770 f0a2d38 68761->68770 68764 f0a3164 68766 f0a316e ShowWindow 68764->68766 68765 f0a30be 68765->68756 68781 f0a2f94 18 API calls 68765->68781 68766->68762 68768 f0a30cf 68769 f0a30d8 SetParent 68768->68769 68769->68756 68771 f0a2d49 68770->68771 68772 f0a2daf 68770->68772 68782 eefd090 68771->68782 68772->68764 68774 f0a2d5e 68775 f0a2d67 SetParent 68774->68775 68775->68772 68776 f0a2d7a 68775->68776 68795 f030c70 89 API calls 68776->68795 68778 f0a2d91 68778->68772 68796 f030c70 89 API calls 68778->68796 68780->68765 68781->68768 68783 eefd11b 68782->68783 68785 eefd0a7 68782->68785 68783->68774 68784 eefd11d 68801 ef02790 75 API calls 68784->68801 68785->68783 68785->68784 68787 eefd0d2 SetParent 68785->68787 68789 eefd0f5 68787->68789 68788 eefd127 68791 eefcf9c 75 API calls 68788->68791 68797 eefcf9c 68789->68797 68792 eefd151 68791->68792 68802 ef02790 75 API calls 68792->68802 68794 eefd168 68794->68774 68795->68778 68796->68772 68798 eefcfaa 68797->68798 68800 eefcfb5 68798->68800 68803 eefce3c 68798->68803 68800->68783 68801->68788 68802->68794 68805 eefce51 68803->68805 68804 eefcee7 68804->68800 68805->68804 68807 eefce3c 75 API calls 68805->68807 68808 ee66cb4 68805->68808 68807->68805 68809 ee66cce 68808->68809 68810 ee66cbf 68808->68810 68809->68805 68812 ee66bf0 75 API calls 68810->68812 68812->68809 68813 ee394a4 68814 ee394b4 GetModuleFileNameW 68813->68814 68815 ee394d0 68813->68815 68817 ee3a300 GetModuleFileNameW 68814->68817 68818 ee3a34e 68817->68818 68823 ee3a510 68818->68823 68820 ee3a37a 68821 ee3a38c LoadLibraryExW 68820->68821 68822 ee3a394 68820->68822 68821->68822 68822->68815 68824 ee3a549 68823->68824 68845 ee378d8 68824->68845 68826 ee3a571 68827 ee3a583 lstrcpynW lstrlenW 68826->68827 68828 ee3a5ad 68827->68828 68831 ee3a61e 68828->68831 68862 ee3a060 68828->68862 68830 ee3a609 68832 ee3a623 GetUserDefaultUILanguage 68830->68832 68833 ee3a612 68830->68833 68831->68820 68886 ee39d1c EnterCriticalSection 68832->68886 68834 ee3a404 3 API calls 68833->68834 68834->68831 68836 ee3a634 68909 ee3a404 68836->68909 68838 ee3a63f 68839 ee3a66b 68838->68839 68840 ee3a64f GetSystemDefaultUILanguage 68838->68840 68839->68831 68914 ee3a4b4 GetUserDefaultUILanguage GetLocaleInfoW 68839->68914 68841 ee39d1c 31 API calls 68840->68841 68843 ee3a660 68841->68843 68844 ee3a404 3 API calls 68843->68844 68844->68839 68846 ee378dc 68845->68846 68847 ee378f8 68845->68847 68846->68845 68849 ee378e8 68846->68849 68852 ee37dcc 68846->68852 68853 ee37e8b 68846->68853 68848 ee37928 68847->68848 68920 ee342c4 68847->68920 68848->68826 68849->68847 68919 ee38354 12 API calls 68849->68919 68852->68853 68854 ee378d8 12 API calls 68852->68854 68855 ee37ddf 68852->68855 68854->68855 68855->68853 68927 ee38354 12 API calls 68855->68927 68857 ee37e3e 68858 ee37e76 68857->68858 68928 ee368e8 12 API calls 68857->68928 68860 ee378d8 12 API calls 68858->68860 68861 ee37e87 68860->68861 68861->68826 68863 ee3a077 68862->68863 68864 ee3a0a0 68863->68864 68865 ee3a08b GetModuleFileNameW 68863->68865 68868 ee3a0ad lstrcpynW 68864->68868 68866 ee3a0ba 68865->68866 68867 ee3a0c8 RegOpenKeyExW 68866->68867 68873 ee3a22f 68866->68873 68869 ee3a0eb RegOpenKeyExW 68867->68869 68870 ee3a149 68867->68870 68868->68866 68869->68870 68871 ee3a109 RegOpenKeyExW 68869->68871 68931 ee39e64 12 API calls 68870->68931 68871->68870 68874 ee3a127 RegOpenKeyExW 68871->68874 68873->68830 68874->68870 68874->68873 68875 ee3a167 RegQueryValueExW 68876 ee3a185 68875->68876 68877 ee3a1b8 RegQueryValueExW 68875->68877 68932 ee342a8 68876->68932 68879 ee3a1b6 68877->68879 68880 ee3a1d4 68877->68880 68884 ee3a21e RegCloseKey 68879->68884 68885 ee342c4 12 API calls 68879->68885 68882 ee342a8 12 API calls 68880->68882 68881 ee3a18d RegQueryValueExW 68881->68879 68883 ee3a1dc RegQueryValueExW 68882->68883 68883->68879 68884->68830 68885->68884 68887 ee39d68 LeaveCriticalSection 68886->68887 68888 ee39d48 68886->68888 68889 ee378d8 12 API calls 68887->68889 68890 ee39d59 LeaveCriticalSection 68888->68890 68891 ee39d7b IsValidLocale 68889->68891 68901 ee39e0b 68890->68901 68892 ee39d8a 68891->68892 68893 ee39dd9 EnterCriticalSection 68891->68893 68895 ee39d93 68892->68895 68896 ee39d9e 68892->68896 68947 ee37964 68893->68947 68942 ee39bfc 18 API calls 68895->68942 68943 ee399fc 16 API calls 68896->68943 68900 ee39d9c 68900->68893 68901->68836 68902 ee39da7 GetSystemDefaultUILanguage 68902->68893 68903 ee39db1 68902->68903 68904 ee39dc2 GetSystemDefaultUILanguage 68903->68904 68944 ee378d8 12 API calls 68903->68944 68945 ee399fc 16 API calls 68904->68945 68907 ee39dcf 68946 ee378d8 12 API calls 68907->68946 68910 ee3a418 68909->68910 68911 ee3a487 68910->68911 68912 ee3a459 lstrcpynW 68910->68912 68911->68838 68949 ee3a3cc FindFirstFileW 68912->68949 68915 ee3a3cc 2 API calls 68914->68915 68916 ee3a4e7 68915->68916 68917 ee3a3cc 2 API calls 68916->68917 68918 ee3a504 68916->68918 68917->68918 68918->68831 68919->68847 68921 ee342d2 68920->68921 68923 ee342c8 68920->68923 68921->68848 68922 ee343dd 68930 ee343ac 8 API calls 68922->68930 68923->68921 68923->68922 68929 ee3b68c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 68923->68929 68926 ee343fe 68926->68848 68927->68857 68928->68858 68929->68922 68930->68926 68931->68875 68933 ee342bf 68932->68933 68935 ee342ac 68932->68935 68933->68881 68934 ee342b6 68934->68881 68935->68934 68936 ee343dd 68935->68936 68940 ee3b68c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 68935->68940 68941 ee343ac 8 API calls 68936->68941 68939 ee343fe 68939->68881 68940->68936 68941->68939 68942->68900 68943->68902 68944->68904 68945->68907 68946->68893 68948 ee37968 lstrcpynW LeaveCriticalSection 68947->68948 68948->68901 68950 ee3a3f5 FindClose 68949->68950 68951 ee3a3fb 68949->68951 68950->68951 68951->68910 68952 ef03438 68953 ef03442 68952->68953 68960 eefacbc 68953->68960 68955 ef03458 68977 ee7fe68 80 API calls 68955->68977 68957 ef03464 68978 eef5fe0 81 API calls 68957->68978 68959 ef03475 68961 eefaccd 68960->68961 68979 eef65a8 82 API calls 68961->68979 68963 eefacf1 68980 ee74630 68963->68980 68965 eefacfc 68983 ee7f960 14 API calls 68965->68983 68967 eefad0e 68984 ee7fb24 20 API calls 68967->68984 68969 eefad20 68970 eefad51 68969->68970 68971 eefad60 68969->68971 68972 ee378d8 12 API calls 68970->68972 68985 eeceed4 68971->68985 68976 eefad5e 68972->68976 68975 ee378d8 12 API calls 68975->68976 68976->68955 68977->68957 68978->68959 68979->68963 68981 ee74640 VirtualAlloc 68980->68981 68982 ee7466e 68980->68982 68981->68982 68982->68965 68983->68967 68984->68969 68990 eecec90 68985->68990 68987 eeceee1 68988 ee378d8 12 API calls 68987->68988 68989 eeceeeb 68988->68989 68989->68975 68991 eececc0 68990->68991 68994 eecee0d 68990->68994 68992 ee378d8 12 API calls 68991->68992 68993 eececdf GetKeyboardLayoutList 68992->68993 68993->68994 68999 eececf6 68993->68999 68994->68987 68997 eeced5d RegQueryValueExW 68998 eecede2 RegCloseKey 68997->68998 68997->68999 68998->68987 68998->68999 68999->68994 68999->68998 69000 ee45728 68999->69000 69001 ee45757 RegOpenKeyExW 69000->69001 69002 ee45738 69000->69002 69001->68997 69001->68999 69002->69001 69004 ee45a1c 75 API calls 69002->69004 69004->69001 69005 6c5cc694 69006 6c5cc69d 69005->69006 69007 6c5cc6a2 dllmain_dispatch 69005->69007 69009 6c5cc941 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___get_entropy 69006->69009 69009->69007 69565 6c5cc374 69566 6c5cc37f 69565->69566 69567 6c5cc3b2 dllmain_crt_process_detach 69565->69567 69568 6c5cc3a4 dllmain_crt_process_attach 69566->69568 69569 6c5cc384 69566->69569 69574 6c5cc38e 69567->69574 69568->69574 69570 6c5cc39a 69569->69570 69571 6c5cc389 69569->69571 69576 6c5cca7c 23 API calls 69570->69576 69571->69574 69575 6c5cca9b 21 API calls 69571->69575 69575->69574 69576->69574 69577 ee3b08a GetSystemInfo 69010 f089cc4 69011 f089cd1 69010->69011 69014 f089d8d 69010->69014 69013 f089ce8 69011->69013 69033 efe2ad4 80 API calls 69011->69033 69016 f089d3d 69013->69016 69020 f089d60 69013->69020 69014->69020 69024 f089e31 69014->69024 69035 efe2ad4 80 API calls 69014->69035 69034 f030c70 89 API calls 69016->69034 69017 f089dce 69021 f089dd2 69017->69021 69017->69024 69019 f089d52 69019->69020 69022 f089df5 69021->69022 69036 eef6f88 KiUserCallbackDispatcher 69021->69036 69038 f081190 89 API calls 69022->69038 69023 f089e6b 69045 f081190 89 API calls 69023->69045 69024->69020 69024->69023 69027 eef6f88 KiUserCallbackDispatcher 69024->69027 69027->69023 69029 f089dfe 69039 f088d08 69029->69039 69030 f089e77 69032 f088d08 81 API calls 69030->69032 69032->69020 69033->69013 69034->69019 69035->69017 69037 eef6fae 69036->69037 69037->69022 69038->69029 69040 f088dd8 69039->69040 69041 f088d18 69039->69041 69040->69020 69042 f088d4f 69041->69042 69046 efe2ad4 80 API calls 69041->69046 69042->69040 69043 f088db2 KiUserCallbackDispatcher 69042->69043 69043->69040 69045->69030 69046->69042 69578 f0ac3b8 69585 ee3b6d8 69578->69585 69582 f0ac3e4 69590 ee366cc 8 API calls 69582->69590 69586 ee3b6e3 69585->69586 69591 ee363c4 69586->69591 69588 ee3b723 69589 f0a3db8 TlsGetValue TlsSetValue 69588->69589 69589->69582 69592 ee363d3 69591->69592 69593 ee363d8 GetCurrentThreadId 69591->69593 69592->69593 69594 ee3640e 69593->69594 69594->69588 69595 ee366e3 69594->69595 69596 ee366f4 69594->69596 69605 ee3663c GetStdHandle WriteFile GetStdHandle WriteFile MessageBoxA 69595->69605 69597 ee366fd GetCurrentThreadId 69596->69597 69600 ee3670a 69596->69600 69597->69600 69599 ee366ed 69599->69596 69601 ee3677d FreeLibrary 69600->69601 69602 ee367a5 69600->69602 69601->69600 69603 ee367b4 ExitProcess 69602->69603 69604 ee367ae 69602->69604 69604->69603 69605->69599 69047 eef6fbc KiUserCallbackDispatcher 69048 eef6fe2 69047->69048 69049 6c63a3f6 69051 6c63a402 __fread_nolock 69049->69051 69050 6c63a40e 69051->69050 69052 6c63a433 69051->69052 69053 6c63a4f8 ___scrt_fastfail 69051->69053 69054 6c63a464 69052->69054 69055 6c63a446 __RTC_Initialize 69052->69055 69062 6c63a4ee ___scrt_release_startup_lock 69054->69062 69056 6c63a784 69055->69056 69059 6c63a450 ___scrt_initialize_default_local_stdio_options 69056->69059 69058 6c63a49f 69058->69050 69060 6c63a4b3 ___scrt_is_nonwritable_in_current_image 69058->69060 69059->69054 69060->69050 69061 6c63a4be jpeg_mem_term 69060->69061 69061->69050 69062->69058 69063 6c5d10c4 69074 6c5d32f7 69063->69074 69070 6c5d10ec 69095 6c5d24b1 14 API calls __dosmaperr 69070->69095 69071 6c5d1110 69073 6c5d10e1 69096 6c5d24b1 14 API calls __dosmaperr 69073->69096 69075 6c5d10d6 69074->69075 69076 6c5d3300 69074->69076 69080 6c5d37b2 GetEnvironmentStringsW 69075->69080 69097 6c5d2093 34 API calls 2 library calls 69076->69097 69078 6c5d3323 69098 6c5d3146 44 API calls 3 library calls 69078->69098 69081 6c5d37c9 69080->69081 69082 6c5d3822 69080->69082 69099 6c5d36ce WideCharToMultiByte 69081->69099 69083 6c5d10db 69082->69083 69084 6c5d3828 FreeEnvironmentStringsW 69082->69084 69083->69073 69094 6c5d1116 25 API calls 4 library calls 69083->69094 69084->69083 69086 6c5d37e2 69086->69082 69087 6c5d37ec 69086->69087 69100 6c5d2463 15 API calls 2 library calls 69087->69100 69089 6c5d37f2 69091 6c5d380a 69089->69091 69101 6c5d36ce WideCharToMultiByte 69089->69101 69102 6c5d24b1 14 API calls __dosmaperr 69091->69102 69093 6c5d381f 69093->69082 69094->69070 69095->69073 69096->69071 69097->69078 69098->69075 69099->69086 69100->69089 69101->69091 69102->69093 69103 eea69f0 69104 eea6a0d KillTimer 69103->69104 69105 eea6a15 69103->69105 69104->69105 69106 eea6a74 69105->69106 69109 eea6a28 69105->69109 69107 eea6a7b 69106->69107 69111 eea6a85 69106->69111 69134 ee7487c GetWindowLongW DestroyWindow 69107->69134 69110 eea6a3c SetTimer 69109->69110 69121 ee747c8 GetClassInfoW 69109->69121 69110->69111 69113 eea6a51 69110->69113 69131 ee3b018 67 API calls 69113->69131 69116 eea6a5e 69132 ee498ec 12 API calls 69116->69132 69118 eea6a6d 69133 ee3605c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 69118->69133 69120 eea6a72 69120->69111 69122 ee747f8 69121->69122 69123 ee74821 69122->69123 69124 ee74817 RegisterClassW 69122->69124 69125 ee74806 UnregisterClassW 69122->69125 69135 ee3dedc 69123->69135 69124->69123 69125->69124 69127 ee7484f 69128 ee7486c 69127->69128 69129 ee74630 VirtualAlloc 69127->69129 69128->69110 69130 ee74863 SetWindowLongW 69129->69130 69130->69128 69131->69116 69132->69118 69134->69120 69139 ee3470c 69135->69139 69137 ee3deef CreateWindowExW 69138 ee3df29 69137->69138 69138->69127 69139->69137 69606 6c64649e GetStartupInfoW 69607 6c64654d 69606->69607 69608 6c6464bb 69606->69608 69608->69607 69612 6c64cde8 69608->69612 69610 6c6464e4 69610->69607 69611 6c646512 GetFileType 69610->69611 69611->69610 69614 6c64cdf4 __fread_nolock 69612->69614 69613 6c64ce01 __fread_nolock 69613->69610 69614->69613 69616 6c64cd39 69614->69616 69620 6c645e3a 69616->69620 69618 6c64cda4 _free 69618->69614 69619 6c64cd4b 69619->69618 69623 6c645e47 69620->69623 69621 6c645e72 RtlAllocateHeap 69622 6c645e85 69621->69622 69621->69623 69622->69619 69623->69621 69623->69622 69140 f032d58 69141 f032d5e 69140->69141 69156 f0287bc 194 API calls 69141->69156 69143 f032d73 69146 f032dc0 69143->69146 69145 f032d8c 69147 f032e47 69146->69147 69148 f032dcd Sleep 69146->69148 69147->69145 69149 f032dde 69148->69149 69149->69147 69157 f032fd0 69149->69157 69151 f032e05 69163 ee72514 SetThreadPriority 69151->69163 69155 f032e44 69155->69145 69156->69143 69158 f032fdd 69157->69158 69169 ee721bc 69158->69169 69160 f033003 69161 f033041 69160->69161 69182 f02154c 69160->69182 69161->69151 69488 ee723ec 69163->69488 69166 ee72d7c 69493 ee72468 69166->69493 69168 ee72d83 69168->69155 69170 ee721cd 69169->69170 69171 ee72273 GetCurrentThread GetCurrentThreadId 69170->69171 69172 ee7221f 69170->69172 69181 ee72271 69171->69181 69186 ee36848 69172->69186 69174 ee72234 69175 ee7223d GetLastError 69174->69175 69174->69181 69191 ee48e08 13 API calls 69175->69191 69177 ee7224a 69192 ee49af0 75 API calls 69177->69192 69179 ee7226c 69193 ee3605c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 69179->69193 69181->69160 69183 f021555 69182->69183 69198 f01e074 69183->69198 69185 f02157a 69185->69161 69187 ee3686e 69186->69187 69189 ee36862 CreateThread 69186->69189 69188 ee342a8 12 API calls 69187->69188 69188->69189 69189->69174 69194 ee36810 69189->69194 69191->69177 69192->69179 69195 ee36818 69194->69195 69196 ee342c4 12 API calls 69195->69196 69197 ee36836 69196->69197 69199 f01e07e 69198->69199 69204 f018c5c 69199->69204 69201 f01e0b4 69291 f01e1a8 12 API calls 69201->69291 69203 f01e0c7 69203->69185 69205 f018c66 69204->69205 69206 f018c6e InitializeCriticalSection 69204->69206 69205->69206 69292 eff34b4 69206->69292 69213 f00ba8c 12 API calls 69214 f018cde 69213->69214 69215 f00c4f8 12 API calls 69214->69215 69216 f018cfe 69215->69216 69301 effc1b8 69216->69301 69219 effc1b8 12 API calls 69220 f018d33 69219->69220 69221 effc1b8 12 API calls 69220->69221 69222 f018d4f 69221->69222 69223 effc1b8 12 API calls 69222->69223 69224 f018d6b 69223->69224 69306 f000384 69224->69306 69226 f018d87 69227 f000384 12 API calls 69226->69227 69228 f018da3 69227->69228 69309 effdb38 69228->69309 69232 f018dd9 69315 f004a10 69232->69315 69236 f018e2b 69325 eff39a8 69236->69325 69239 eff39a8 12 API calls 69240 f018ec2 69239->69240 69330 eff27d4 69240->69330 69243 eff27d4 12 API calls 69244 f018f16 69243->69244 69333 eff51ec 69244->69333 69249 f000f78 12 API calls 69250 f018fff 69249->69250 69251 f000f78 12 API calls 69250->69251 69252 f019012 69251->69252 69253 f000f78 12 API calls 69252->69253 69254 f019025 69253->69254 69255 f000f78 12 API calls 69254->69255 69256 f019038 69255->69256 69257 f000f78 12 API calls 69256->69257 69258 f01904b 69257->69258 69259 f000f78 12 API calls 69258->69259 69260 f01905e 69259->69260 69261 f000f78 12 API calls 69260->69261 69262 f019071 69261->69262 69339 f001c34 69262->69339 69269 f000c74 12 API calls 69270 f0190c8 69269->69270 69352 f000758 69270->69352 69273 f000758 12 API calls 69274 f019104 69273->69274 69357 eff6210 69274->69357 69277 eff27d4 12 API calls 69278 f019153 69277->69278 69360 effb8b8 69278->69360 69285 eff91d0 12 API calls 69286 f0191d9 69285->69286 69379 f0133c4 69286->69379 69290 f01920f 69290->69201 69291->69203 69385 ee353d8 69292->69385 69294 eff34bf 69295 f00ba8c 69294->69295 69391 effbf60 69295->69391 69298 f00c4f8 69299 effbf60 12 API calls 69298->69299 69300 f00c51c 69299->69300 69300->69213 69302 ee353d8 12 API calls 69301->69302 69305 effc1c3 69302->69305 69303 effc273 69303->69219 69305->69303 69394 eff092c 69305->69394 69307 ee353d8 12 API calls 69306->69307 69308 f00038f 69307->69308 69308->69226 69310 ee353d8 12 API calls 69309->69310 69311 effdb43 69310->69311 69312 eff0a78 69311->69312 69313 ee353d8 12 API calls 69312->69313 69314 eff0a83 69313->69314 69314->69232 69316 ee353d8 12 API calls 69315->69316 69317 f004a1b 69316->69317 69318 efff62c 69317->69318 69319 ee353d8 12 API calls 69318->69319 69320 efff637 69319->69320 69321 efff667 69320->69321 69397 effe424 12 API calls 69320->69397 69321->69236 69323 efff654 69398 eff08f0 12 API calls 69323->69398 69326 ee353d8 12 API calls 69325->69326 69327 eff39b3 69326->69327 69329 eff39f0 69327->69329 69399 eff0830 69327->69399 69329->69239 69331 ee353d8 12 API calls 69330->69331 69332 eff27df 69331->69332 69332->69243 69334 ee353d8 12 API calls 69333->69334 69335 eff51f7 69334->69335 69336 f000f78 69335->69336 69337 ee353d8 12 API calls 69336->69337 69338 f000f83 69337->69338 69338->69249 69340 ee353d8 12 API calls 69339->69340 69341 f001c3f 69340->69341 69342 f001c58 69341->69342 69402 f001a94 12 API calls 69341->69402 69344 f000fa4 69342->69344 69345 ee353d8 12 API calls 69344->69345 69346 f000faf 69345->69346 69347 f000fde 69346->69347 69403 f00100c 12 API calls 69346->69403 69349 f000c74 69347->69349 69350 ee353d8 12 API calls 69349->69350 69351 f000c7f 69350->69351 69351->69269 69353 ee353d8 12 API calls 69352->69353 69354 f000763 69353->69354 69355 f00077b 69354->69355 69404 f00072c 12 API calls 69354->69404 69355->69273 69358 ee353d8 12 API calls 69357->69358 69359 eff621b 69358->69359 69359->69277 69361 ee353d8 12 API calls 69360->69361 69362 effb8c3 69361->69362 69363 effb8f8 69362->69363 69364 effb8d4 69362->69364 69412 effb2c0 12 API calls 69362->69412 69367 eff9090 69363->69367 69364->69363 69405 effb574 69364->69405 69368 ee353d8 12 API calls 69367->69368 69369 eff909b 69368->69369 69370 eff90cb 69369->69370 69415 eff8404 12 API calls 69369->69415 69374 eff91d0 69370->69374 69372 eff90b7 69416 eff8d80 12 API calls 69372->69416 69375 ee353d8 12 API calls 69374->69375 69376 eff91db 69375->69376 69377 eff91f0 69376->69377 69378 eff51ec 12 API calls 69376->69378 69377->69285 69378->69377 69380 ee353d8 12 API calls 69379->69380 69381 f0133cf 69380->69381 69382 f0133ea 69381->69382 69417 f0111b8 69381->69417 69384 f0095e0 12 API calls 69382->69384 69384->69290 69386 ee353de 69385->69386 69387 ee353dd 69385->69387 69388 ee3541f 69386->69388 69389 ee342a8 12 API calls 69386->69389 69387->69294 69388->69294 69390 ee353f0 69389->69390 69390->69294 69392 ee353d8 12 API calls 69391->69392 69393 effbf6b 69392->69393 69393->69298 69395 ee353d8 12 API calls 69394->69395 69396 eff0937 69395->69396 69396->69303 69397->69323 69398->69321 69400 ee342a8 12 API calls 69399->69400 69401 eff0859 69400->69401 69401->69329 69402->69342 69403->69347 69404->69355 69406 ee353d8 12 API calls 69405->69406 69407 effb57f 69406->69407 69408 effb5ab 69407->69408 69413 eff9f78 12 API calls 69407->69413 69408->69363 69410 effb598 69414 effa5fc 12 API calls 69410->69414 69412->69364 69413->69410 69414->69408 69415->69372 69416->69370 69418 ee353d8 12 API calls 69417->69418 69419 f0111c3 69418->69419 69420 f01140e 69419->69420 69421 eff0830 12 API calls 69419->69421 69420->69382 69422 f011228 69421->69422 69423 eff0830 12 API calls 69422->69423 69424 f011273 69423->69424 69425 eff0830 12 API calls 69424->69425 69426 f011291 69425->69426 69427 eff092c 12 API calls 69426->69427 69428 f0112ed 69427->69428 69429 eff27d4 12 API calls 69428->69429 69430 f011316 69429->69430 69452 f00804c 69430->69452 69435 eff6210 12 API calls 69436 f01134f 69435->69436 69437 effb8b8 12 API calls 69436->69437 69438 f01136f 69437->69438 69439 effb8b8 12 API calls 69438->69439 69440 f01138f 69439->69440 69441 effb8b8 12 API calls 69440->69441 69442 f0113af 69441->69442 69443 f004a10 12 API calls 69442->69443 69444 f0113c2 69443->69444 69462 effd7f8 69444->69462 69451 efff62c 12 API calls 69451->69420 69453 ee353d8 12 API calls 69452->69453 69454 f008057 69453->69454 69456 f008077 69454->69456 69481 eff3c88 12 API calls 69454->69481 69457 f0085ac 69456->69457 69458 ee353d8 12 API calls 69457->69458 69459 f0085b7 69458->69459 69460 f0085d7 69459->69460 69482 eff3c88 12 API calls 69459->69482 69460->69435 69463 ee353d8 12 API calls 69462->69463 69464 effd803 69463->69464 69465 f0060d4 69464->69465 69466 ee353d8 12 API calls 69465->69466 69467 f0060df 69466->69467 69468 f006133 69467->69468 69483 f005ec8 12 API calls 69467->69483 69474 f0070b8 69468->69474 69470 f006101 69484 eff3d10 12 API calls 69470->69484 69472 f00611b 69485 eff3c88 12 API calls 69472->69485 69475 ee353d8 12 API calls 69474->69475 69476 f0070c3 69475->69476 69477 f007101 69476->69477 69486 eff3d10 12 API calls 69476->69486 69477->69451 69479 f0070e9 69487 eff3c88 12 API calls 69479->69487 69481->69456 69482->69460 69483->69470 69484->69472 69485->69468 69486->69479 69487->69477 69489 ee723f3 GetLastError 69488->69489 69490 ee72401 69488->69490 69492 ee72370 76 API calls 69489->69492 69490->69166 69492->69490 69494 ee72485 69493->69494 69495 ee724ca 69493->69495 69494->69495 69498 ee72491 ResumeThread 69494->69498 69512 ee3b018 67 API calls 69495->69512 69497 ee724d7 69513 ee498ec 12 API calls 69497->69513 69500 ee724a7 69498->69500 69501 ee724c8 69498->69501 69509 ee3b018 67 API calls 69500->69509 69501->69168 69502 ee724e6 69514 ee3605c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 69502->69514 69505 ee724b4 69510 ee498ec 12 API calls 69505->69510 69507 ee724c3 69511 ee3605c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 69507->69511 69509->69505 69510->69507 69512->69497 69513->69502 69515 eefd174 69516 eefd1a3 69515->69516 69521 eef5e18 90 API calls 69516->69521 69518 eefd1b5 69522 ee85234 92 API calls 69518->69522 69520 eefd1ba 69521->69518 69522->69520 69523 102292bd GetLastError TlsGetValue 69524 10229322 SetLastError 69523->69524 69525 102292d9 69523->69525 69533 102296a8 69525->69533 69527 102292e5 69528 1022931a 69527->69528 69529 102292ed TlsSetValue 69527->69529 69540 10222ff0 36 API calls __lock 69528->69540 69529->69528 69530 102292fe GetCurrentThreadId 69529->69530 69530->69524 69532 10229321 69532->69524 69539 102296b4 __lock __getbuf __floor_pentium4 69533->69539 69534 10229721 RtlAllocateHeap 69534->69539 69536 1022974d __lock 69536->69527 69539->69534 69539->69536 69541 102284d2 36 API calls __lock 69539->69541 69542 10228e14 5 API calls __getbuf 69539->69542 69543 10229752 LeaveCriticalSection __lock 69539->69543 69540->69532 69541->69539 69542->69539 69543->69539 69624 6c5cc563 69625 6c5cc56f ___scrt_is_nonwritable_in_current_image 69624->69625 69626 6c5cc598 dllmain_raw 69625->69626 69630 6c5cc593 69625->69630 69633 6c5cc57e 69625->69633 69627 6c5cc5b2 dllmain_crt_dispatch 69626->69627 69626->69633 69627->69630 69627->69633 69628 6c5cc5ff 69629 6c5cc608 dllmain_crt_dispatch 69628->69629 69628->69633 69631 6c5cc61b dllmain_raw 69629->69631 69629->69633 69630->69628 69632 6c5cc5eb dllmain_crt_dispatch dllmain_raw 69630->69632 69631->69633 69632->69628 69634 ee32d9c 69635 ee32db4 69634->69635 69636 ee32ffc 69634->69636 69646 ee32dc6 69635->69646 69649 ee32e51 Sleep 69635->69649 69637 ee32fc0 69636->69637 69638 ee33114 69636->69638 69647 ee32fda Sleep 69637->69647 69650 ee3301a 69637->69650 69639 ee32b48 VirtualAlloc 69638->69639 69640 ee3311d 69638->69640 69642 ee32b83 69639->69642 69643 ee32b73 69639->69643 69641 ee32dd5 69658 ee32b00 Sleep Sleep 69643->69658 69645 ee32eb4 69657 ee32ec0 69645->69657 69659 ee32a88 69645->69659 69646->69641 69646->69645 69653 ee32e95 Sleep 69646->69653 69648 ee32ff0 Sleep 69647->69648 69647->69650 69648->69637 69649->69646 69652 ee32e67 Sleep 69649->69652 69651 ee33038 69650->69651 69654 ee32a88 VirtualAlloc 69650->69654 69652->69635 69653->69645 69656 ee32eab Sleep 69653->69656 69654->69651 69656->69646 69658->69642 69663 ee32a1c 69659->69663 69661 ee32a90 VirtualAlloc 69662 ee32aa7 69661->69662 69662->69657 69664 ee329bc 69663->69664 69664->69661

                                                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                                                        Function 058910CD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 56COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 176 58910cd-58910d7 177 58910d9-58910e8 GetVersion 176->177 178 58910fd-589110a 176->178 179 58910ea 177->179 180 58910ef-58910f8 call 589b70c 177->180 181 589110c-5891121 call 589c428 call 58979a8 call 5896d44 call 58979b0 178->181 182 5891126-5891143 call 5898ba0 178->182 179->180 191 589118c-5891196 180->191 181->182 189 589115c 182->189 190 5891145-589114c 182->190 194 5891163-589116a 189->194 190->189 193 589114e-589115a call 589c230 190->193 196 5891198-58911a7 call 5896d34 call 58979ac call 589c42c call 5891280 191->196 197 58911ac 191->197 193->194 199 589116c-5891177 194->199 200 589117e-5891185 194->200 196->197 199->200 200->191 205 5891187 call 589c230 200->205 205->191
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • Nonshared DATA segment required, xrefs: 058910DE
                                                                                                                                                                                                                                                                                        • Cannot run multiple instances of a DLL under WIN32s, xrefs: 058910EA, 058910EF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Version
                                                                                                                                                                                                                                                                                        • String ID: Cannot run multiple instances of a DLL under WIN32s$Nonshared DATA segment required
                                                                                                                                                                                                                                                                                        • API String ID: 1889659487-934427316
                                                                                                                                                                                                                                                                                        • Opcode ID: 6c0770d76f07030548590a952ac970e5e2bf8c474b9be08ee3113be0706e6bf5
                                                                                                                                                                                                                                                                                        • Instruction ID: 1511402f75d6f56f84c093f3885753743f319ed06d5b9f14ae20b62c677df98c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6c0770d76f07030548590a952ac970e5e2bf8c474b9be08ee3113be0706e6bf5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A11907062C342AADF1EF7A8940EB2A7F99AB45244F1C4014FE01C6140EB769C84C723
                                                                                                                                                                                                                                                                                        Function 0EE3A4B4 Relevance: 3.0, APIs: 2, Instructions: 35COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 336 ee3a4b4-ee3a4ea GetUserDefaultUILanguage GetLocaleInfoW call ee3a3cc 339 ee3a50b-ee3a50f 336->339 340 ee3a4ec-ee3a4ff call ee3a3cc 336->340 342 ee3a504-ee3a507 340->342 342->339 343 ee3a509 342->343 343->339
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetUserDefaultUILanguage.KERNEL32(00000003,?,?,00000000,?,0EE3A678,?,?,?,00000000,00000105,00000000,0EE3A6AF,?,0EE3FC30), ref: 0EE3A4D0
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00000003,?,?,00000000,?,0EE3A678,?,?,?,00000000,00000105,00000000,0EE3A6AF,?,0EE3FC30), ref: 0EE3A4D9
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE3A3CC: FindFirstFileW.KERNEL32(?,?,00000000), ref: 0EE3A3E6
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE3A3CC: FindClose.KERNEL32(00000000,?,?,00000000), ref: 0EE3A3F6
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3216391948-0
                                                                                                                                                                                                                                                                                        • Opcode ID: c62f3df936cc8ade3ca8ce64e70b6f0fdc5f32b7750b6bdae6152e23378de8b0
                                                                                                                                                                                                                                                                                        • Instruction ID: fdc3213768f10f9d967ab21f13d38a4f8956d3a64548be2e19356f07e6fa5c47
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c62f3df936cc8ade3ca8ce64e70b6f0fdc5f32b7750b6bdae6152e23378de8b0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98F0DA752416096FDB00DEACD8DC9AAB7D8BB19258F2069A4F98CCB251C671ED80CB61
                                                                                                                                                                                                                                                                                        Function 0EE3A3CC Relevance: 3.0, APIs: 2, Instructions: 21fileCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 361 ee3a3cc-ee3a3f3 FindFirstFileW 362 ee3a3f5-ee3a3f6 FindClose 361->362 363 ee3a3fb-ee3a401 361->363 362->363
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,00000000), ref: 0EE3A3E6
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000,?,?,00000000), ref: 0EE3A3F6
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                        • Opcode ID: a45bfd4d879f0ad24d6aaca6941b00ecbd4bf427b2096baca27e839c1b0f7cf0
                                                                                                                                                                                                                                                                                        • Instruction ID: c647245ddc1a1a17b8ea78dca846d1bc570a7622de11ae07dd2adb4e095348f7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a45bfd4d879f0ad24d6aaca6941b00ecbd4bf427b2096baca27e839c1b0f7cf0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 69D02B7251460D27CA20D9BC4C9CA8E738C9F04135F281B517E9CD32D0FA21DE504595
                                                                                                                                                                                                                                                                                        Function 0F018C5C Relevance: 1.6, APIs: 1, Instructions: 356COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(0F01CD1E), ref: 0F018C7D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalInitializeSection
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 32694325-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 6928b633b1398dee5be9fd5c00ad8ee2c0f6757f31a4221b1b2e935fb7fe1de6
                                                                                                                                                                                                                                                                                        • Instruction ID: c751c239fb8c8583158ce9bcedc08cb4ea62fd4a28c333330707bfc533394518
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6928b633b1398dee5be9fd5c00ad8ee2c0f6757f31a4221b1b2e935fb7fe1de6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0BF1E531A04149DFEB04EB98C995F9DB3F5EF44304F6981B5E108AB3A2DA74AF11EB44
                                                                                                                                                                                                                                                                                        Function 0EE3B08A Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InfoSystem
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 31276548-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 9abbbcb7e4612bb8f1a381e6fbd200804543c6a428e390df111be8645721e9d3
                                                                                                                                                                                                                                                                                        • Instruction ID: 05810906f48bf92b1231d1db0970350b2eb2307a0493d3bc2ee358f4c717b3f0
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9abbbcb7e4612bb8f1a381e6fbd200804543c6a428e390df111be8645721e9d3
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7B012606084010BC504A73C5C4244B31D01E44020FE4062074ACD6291F60DCDAA42DB
                                                                                                                                                                                                                                                                                        Function 0F0111B8 Relevance: .2, Instructions: 203COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: d06f7a6bff52ed36e369b89f5408475c34e104551cc2ff7a3bcedcb0a7117934
                                                                                                                                                                                                                                                                                        • Instruction ID: 9f3fe131945832002b344f653a79d1217b2348b1ef2d829830f1dd007e845239
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d06f7a6bff52ed36e369b89f5408475c34e104551cc2ff7a3bcedcb0a7117934
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8791D770A00608EFE704DF99C890B8DBBF2FF88314F5581A5E544AB3A6D775EA91CB44
                                                                                                                                                                                                                                                                                        Function 0EE3A060 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 156registrystringCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0EE3A245,?,00000000), ref: 0EE3A099
                                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(?,00000000,00000105,00000000,0EE3A245,?,00000000), ref: 0EE3A0B5
                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,?,00000000,00000105,00000000,0EE3A245,?,00000000), ref: 0EE3A0E2
                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,?,00000000,00000105,00000000,0EE3A245), ref: 0EE3A100
                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,?), ref: 0EE3A11E
                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0EE3A13C
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0EE3A228,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,?,00000000), ref: 0EE3A17C
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0EE3A228,?,80000001), ref: 0EE3A1A7
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,0EE3A2FC,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0EE3A228,?,80000001), ref: 0EE3A1CB
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,0EE3A2FC,00000000,00000000,?,?,?,0EE3A2FC,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0EE3A1F4
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,0EE3A22F,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0EE3A228,?,80000001,Software\CodeGear\Locales), ref: 0EE3A222
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: OpenQueryValue$CloseFileModuleNamelstrcpyn
                                                                                                                                                                                                                                                                                        • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales
                                                                                                                                                                                                                                                                                        • API String ID: 3482678030-345420546
                                                                                                                                                                                                                                                                                        • Opcode ID: 0695f9adfc43f200f72c71d68d2e9a52ad976dff525a022dd201302c7f5e6c7b
                                                                                                                                                                                                                                                                                        • Instruction ID: ef1a1cdca9e23fb8d8e4475dfdcc68d3866dde85e0061f7fc79188a06d269498
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0695f9adfc43f200f72c71d68d2e9a52ad976dff525a022dd201302c7f5e6c7b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E251F171A5020CBEDB20DAB4CC49FAEB3FCEB08704F6054B5B648E7291E6719E44DB55
                                                                                                                                                                                                                                                                                        Function 0EECEC90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 126registryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetKeyboardLayoutList.USER32(00000040,?,00000000,0EECEE3D,?,0F23B370,?,0EECEEE1,00000000,0EEA4FE4,0EEFAD6F), ref: 0EECECE8
                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,00000000), ref: 0EECED50
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,layout text,00000000,00000000,?,00000200,00000000,0EECEDF9,?,80000002,00000000), ref: 0EECED8A
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,0EECEE00,00000000,?,00000200,00000000,0EECEDF9,?,80000002,00000000), ref: 0EECEDF3
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • System\CurrentControlSet\Control\Keyboard Layouts\%.8x, xrefs: 0EECED3A
                                                                                                                                                                                                                                                                                        • layout text, xrefs: 0EECED81
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseKeyboardLayoutListOpenQueryValue
                                                                                                                                                                                                                                                                                        • String ID: System\CurrentControlSet\Control\Keyboard Layouts\%.8x$layout text
                                                                                                                                                                                                                                                                                        • API String ID: 1703357764-2652665750
                                                                                                                                                                                                                                                                                        • Opcode ID: 15690059460b50f944bccaa30ce7eb548dbb92972258d185a6450f6d23507757
                                                                                                                                                                                                                                                                                        • Instruction ID: f82f472fb136ea3a0a7f0ebd855f05a78f0ab3d76111011ce7f6a9a68a50c357
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15690059460b50f944bccaa30ce7eb548dbb92972258d185a6450f6d23507757
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30415874A1020C9FDB11DBA4CA85BAEB3F9EB48304F6028A5E904E7361D770AF41DB61
                                                                                                                                                                                                                                                                                        Function 0EE363C4 Relevance: 6.1, APIs: 4, Instructions: 145threadCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 61 ee363c4-ee363d1 62 ee363d3 61->62 63 ee363d8-ee3640c GetCurrentThreadId 61->63 62->63 64 ee36410-ee3643c call ee362a8 63->64 65 ee3640e 63->65 68 ee36445-ee3644c 64->68 69 ee3643e-ee36440 64->69 65->64 71 ee36456-ee3645c 68->71 72 ee3644e-ee36451 68->72 69->68 70 ee36442 69->70 70->68 73 ee36461-ee36468 71->73 74 ee3645e 71->74 72->71 75 ee36477-ee3647b 73->75 76 ee3646a-ee36471 73->76 74->73 77 ee36481 call ee36358 75->77 78 ee366cc-ee366e1 75->78 76->75 82 ee36486 77->82 80 ee366e3-ee366ef call ee365ac call ee3663c 78->80 81 ee366f4-ee366fb 78->81 80->81 84 ee3671e-ee36722 81->84 85 ee366fd-ee36708 GetCurrentThreadId 81->85 82->78 86 ee36724-ee36727 84->86 87 ee36738-ee3673c 84->87 85->84 89 ee3670a-ee36719 call ee362c8 call ee36610 85->89 86->87 90 ee36729-ee36736 86->90 91 ee3673e-ee36745 87->91 92 ee3674c-ee36755 call ee362f0 87->92 89->84 90->87 91->92 95 ee36747-ee36749 91->95 102 ee36760-ee36765 92->102 103 ee36757-ee3675e 92->103 95->92 104 ee36783-ee3678e call ee362c8 102->104 105 ee36767-ee36777 call ee3a7f4 102->105 103->102 103->104 110 ee36793-ee36797 104->110 111 ee36790 104->111 105->104 112 ee36779-ee3677b 105->112 114 ee367a0-ee367a3 110->114 115 ee36799-ee3679b call ee36610 110->115 111->110 112->104 113 ee3677d-ee3677e FreeLibrary 112->113 113->104 117 ee367a5-ee367ac 114->117 118 ee367bf-ee367cc 114->118 115->114 119 ee367b4-ee367ba ExitProcess 117->119 120 ee367ae 117->120 118->87 120->119
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0EE363FB
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CurrentThread
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2882836952-0
                                                                                                                                                                                                                                                                                        • Opcode ID: c10db3bb966be2edeec504d920d2ac0869a9823f33486286602f9a6db492601a
                                                                                                                                                                                                                                                                                        • Instruction ID: 256521059d01985d520ad6fb8087945788b7b651a9204ea079f336382be4e406
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c10db3bb966be2edeec504d920d2ac0869a9823f33486286602f9a6db492601a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB519BB091120AEFCF24DF38C88C75977E0BB49329F7565A9E8198B256C738DC91CB91
                                                                                                                                                                                                                                                                                        Function 0EE3A510 Relevance: 6.1, APIs: 4, Instructions: 118stringCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(?,00000000,00000105,00000000,0EE3A6AF,?,0EE3FC30,?,00000000), ref: 0EE3A58B
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,00000000,00000105,00000000,0EE3A6AF,?,0EE3FC30,?,00000000), ref: 0EE3A597
                                                                                                                                                                                                                                                                                        • GetUserDefaultUILanguage.KERNEL32(?,?,?,00000000,00000105,00000000,0EE3A6AF,?,0EE3FC30,?,00000000), ref: 0EE3A624
                                                                                                                                                                                                                                                                                        • GetSystemDefaultUILanguage.KERNEL32(?,?,?,00000000,00000105,00000000,0EE3A6AF,?,0EE3FC30,?,00000000), ref: 0EE3A650
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: DefaultLanguage$SystemUserlstrcpynlstrlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3749826553-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 9fa7b52294e401df982ce2c647ab246482db52bb362278b97c1bc0856329f0a7
                                                                                                                                                                                                                                                                                        • Instruction ID: ed3bb7d5db2d39c7fa405d524a9212315762fc9afa9df235b28d9a7d47d5d7de
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9fa7b52294e401df982ce2c647ab246482db52bb362278b97c1bc0856329f0a7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 61414971A1021DAACB21EB78EC8CB8AB3F5AF48310F7059B5D08C93255EB709EC0CE55
                                                                                                                                                                                                                                                                                        Function 0EE747C8 Relevance: 6.1, APIs: 4, Instructions: 59registryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 164 ee747c8-ee747f6 GetClassInfoW 165 ee74802-ee74804 164->165 166 ee747f8-ee74800 164->166 168 ee74817-ee7481c RegisterClassW 165->168 169 ee74806-ee74812 UnregisterClassW 165->169 166->165 167 ee74821-ee74856 call ee3dedc 166->167 172 ee7486c-ee74872 167->172 173 ee74858-ee7485e call ee74630 167->173 168->167 169->168 175 ee74863-ee74867 SetWindowLongW 173->175 175->172
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetClassInfoW.USER32(0EE30000,0EE747AC,?), ref: 0EE747E9
                                                                                                                                                                                                                                                                                        • UnregisterClassW.USER32(0EE747AC,0EE30000), ref: 0EE74812
                                                                                                                                                                                                                                                                                        • RegisterClassW.USER32(0F0AE088), ref: 0EE7481C
                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000FC,00000000), ref: 0EE74867
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Class$InfoLongRegisterUnregisterWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4025006896-0
                                                                                                                                                                                                                                                                                        • Opcode ID: cb5a7c09fbe589713b0bb6ddf34f83abdb942f009afa3b8ed1f7aac91618bc92
                                                                                                                                                                                                                                                                                        • Instruction ID: c59327689a2fe7eec0f712866dc19703008620cc53a1b8ea4e50d7d6a777ccae
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb5a7c09fbe589713b0bb6ddf34f83abdb942f009afa3b8ed1f7aac91618bc92
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B901C07260024CABDB00EBE9EC95F6A37A8E708325F205521FA64D7280CA75DC61D7A0
                                                                                                                                                                                                                                                                                        Function 0EE721BC Relevance: 4.6, APIs: 3, Instructions: 80threadCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 214 ee721bc-ee721cb 215 ee721d5-ee721f5 call ee35554 214->215 216 ee721cd-ee721d0 call ee35ab8 214->216 220 ee721f7-ee721fb 215->220 221 ee721fd-ee721ff 215->221 216->215 220->221 222 ee72201 220->222 223 ee72203-ee72208 221->223 222->223 224 ee72210-ee72212 223->224 225 ee7220a-ee7220e 223->225 226 ee72216-ee7221d 224->226 225->224 227 ee72214 225->227 228 ee72273-ee72280 GetCurrentThread GetCurrentThreadId 226->228 229 ee7221f-ee7222f call ee36848 226->229 227->226 231 ee72283-ee72298 call ee378c8 228->231 232 ee72234-ee7223b 229->232 232->231 234 ee7223d-ee72271 GetLastError call ee48e08 call ee49af0 call ee3605c 232->234 234->231
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000004,?,00000000,0EE72299,?,0F0283CC,0F0283CC), ref: 0EE7223D
                                                                                                                                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 0EE72273
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0EE7227B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CurrentThread$ErrorLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4172138867-0
                                                                                                                                                                                                                                                                                        • Opcode ID: b8b8d662db376908a3f5c715bb16aafd15e07437fe06a1d0a93018bcc5fb6b07
                                                                                                                                                                                                                                                                                        • Instruction ID: 3558cc8dce0b8d4d7f049264ca1e6c83ef67b084c6104f04ca0001bdded177ff
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8b8d662db376908a3f5c715bb16aafd15e07437fe06a1d0a93018bcc5fb6b07
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76214BB0A1878E9ED721DBF59C947AA7BE4AF0D310F40AC28DAD487790D671EC04DB61
                                                                                                                                                                                                                                                                                        Function 0589C230 Relevance: 3.1, APIs: 2, Instructions: 86COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 242 589c230-589c24c 243 589c24e-589c25b 242->243 244 589c2b6-589c2cc call 589c3c4 242->244 243->244 246 589c25d-589c281 GetEnvironmentStrings call 5899200 243->246 249 589c2ce-589c2d0 244->249 250 589c325-589c32d 244->250 254 589c2a1-589c2ae call 589c0f0 246->254 255 589c283-589c28c call 589c0e8 246->255 252 589c2d2-589c2d8 249->252 253 589c2f6-589c2fd 249->253 252->253 256 589c2da-589c2e1 252->256 253->250 257 589c2ff-589c306 253->257 260 589c2b3 254->260 255->254 266 589c28e-589c295 255->266 256->253 261 589c2e3-589c2f0 FreeEnvironmentStringsA 256->261 257->250 262 589c308-589c30f 257->262 260->244 261->253 264 589c311 262->264 265 589c317-589c322 call 589c0f0 262->265 264->265 265->250 266->254 267 589c297-589c29f 266->267 267->244
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetEnvironmentStrings.KERNEL32 ref: 0589C25D
                                                                                                                                                                                                                                                                                        • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?), ref: 0589C2E9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: EnvironmentStrings$Free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3328510275-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 7394d1cc1cac01fdd14664ba8f0cad97509aa15916b7cc61cbf643d5ca9e8068
                                                                                                                                                                                                                                                                                        • Instruction ID: f277f6e4ba6d07cded45dd656ebd21d2685e60049bf69418f1f00174763016a4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7394d1cc1cac01fdd14664ba8f0cad97509aa15916b7cc61cbf643d5ca9e8068
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2317371620205DBDF18DFD8E885B6ABBB5FB45310F18412AED11D7284EF72AD80CB51
                                                                                                                                                                                                                                                                                        Function 102296A8 Relevance: 3.1, APIs: 2, Instructions: 59memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 270 102296a8-102296c0 call 10229110 273 102296c2 270->273 274 102296c3-102296cb 270->274 273->274 275 10229732-10229734 274->275 276 102296cd-102296d4 274->276 277 10229736-1022973c 275->277 278 1022975b 275->278 279 102296d6-102296e8 276->279 280 1022971d-1022971f 276->280 277->278 282 1022973e-10229747 call 1022915c 277->282 284 1022975d-10229762 call 1022914b 278->284 279->280 283 102296ea-1022970d call 102284d2 call 10228e14 call 10229752 279->283 280->278 281 10229721-10229730 RtlAllocateHeap 280->281 281->275 282->274 291 1022974d 282->291 283->281 296 1022970f-1022971a call 1022b390 283->296 291->284 296->280
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __lock.LIBCMT ref: 102296EC
                                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,?,1034C908,00000010,102292E5,00000001,00000088,?,102242A9,1022847F,?,?,?,102284EB,?,?), ref: 1022972A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocateHeap__lock
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4078605025-0
                                                                                                                                                                                                                                                                                        • Opcode ID: b947f909e8b01fc632a6c51582d40b786850a8b056dd61e6a870eea701e026bf
                                                                                                                                                                                                                                                                                        • Instruction ID: 9daa149bfb73ba018432ce086cba2bcb6cfe49098c56df806a63b9d00d409fbe
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b947f909e8b01fc632a6c51582d40b786850a8b056dd61e6a870eea701e026bf
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F511B6BAE1061797CB51CFD4AC81A9EB764EF847E0FA6410AFC686B190CB346821CE54
                                                                                                                                                                                                                                                                                        Function 6C64AA80 Relevance: 3.1, APIs: 2, Instructions: 58COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 299 6c64aa80-6c64aa97 300 6c64aa9d-6c64aaa0 299->300 301 6c64aa99-6c64aa9b 299->301 303 6c64aaa1-6c64aaa5 300->303 302 6c64aaf4-6c64ab02 call 6c63a000 301->302 304 6c64aab5-6c64aabb 303->304 305 6c64aaa7-6c64aaa9 jpeg_mem_term 303->305 304->303 308 6c64aabd-6c64aac0 304->308 309 6c64aab1-6c64aab3 305->309 310 6c64aac6-6c64aac8 308->310 311 6c64aac2-6c64aac4 308->311 309->304 309->308 313 6c64aaf0 310->313 314 6c64aaca 310->314 312 6c64aaf2-6c64aaf3 311->312 312->302 313->312 315 6c64aacd-6c64aad1 314->315 316 6c64aae6-6c64aaee 315->316 317 6c64aad3-6c64aad7 315->317 316->313 316->315 317->316 318 6c64aad9-6c64aae5 jpeg_mem_term 317->318 318->316
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • jpeg_mem_term.JPEG62(?,00000000,00000001,?,?,6C644EB4,6C697E48,log,6C63A91F,?,6C63A409,00000000,6C69FAF0,00000010,6C63A3DE,?), ref: 6C64AAA9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4040411153.000000006C5F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5F0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040383654.000000006C5F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C652000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C662000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C672000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C683000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C696000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041740019.000000006C6A3000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041774942.000000006C6A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5f0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: jpeg_mem_term
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3099818749-0
                                                                                                                                                                                                                                                                                        • Opcode ID: f0e1b1a4a31138c9927ca4cb75a7010353f8c3ae30d1f09c6037cb6333422646
                                                                                                                                                                                                                                                                                        • Instruction ID: a91ce34101de2d49245a5f3b158f73f8bcb602f519e94b77ce81b211fea6f182
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f0e1b1a4a31138c9927ca4cb75a7010353f8c3ae30d1f09c6037cb6333422646
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E010432605214BBDF20DE198AC469EB3A59F41328B24C639ED7957582CB31ADC486A8
                                                                                                                                                                                                                                                                                        Function 0EE3A300 Relevance: 3.1, APIs: 2, Instructions: 55libraryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0EE3A3BA,?,0EE30000,0F0ADA00), ref: 0EE3A33C
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE3A510: lstrcpynW.KERNEL32(?,00000000,00000105,00000000,0EE3A6AF,?,0EE3FC30,?,00000000), ref: 0EE3A58B
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE3A510: lstrlenW.KERNEL32(?,?,00000000,00000105,00000000,0EE3A6AF,?,0EE3FC30,?,00000000), ref: 0EE3A597
                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0EE3A3BA,?,0EE30000,0F0ADA00), ref: 0EE3A38D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileLibraryLoadModuleNamelstrcpynlstrlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2912033995-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 95dad81f2bc119f525ed9cf68bf7f102607e58d2b442981941b59c9d48286ba8
                                                                                                                                                                                                                                                                                        • Instruction ID: e9c7cc7815c3a433de8d1944f680800e71c0ef93fdaf23a338e0f38e2d4593c7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 95dad81f2bc119f525ed9cf68bf7f102607e58d2b442981941b59c9d48286ba8
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0811987094061C9BDB10DB70CC59BDEB3F9DB08300F6119F6E508A3250E6705F80CE51
                                                                                                                                                                                                                                                                                        Function 6C5D10C4 Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D37B2: GetEnvironmentStringsW.KERNEL32 ref: 6C5D37BB
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D37B2: _free.LIBCMT ref: 6C5D381A
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D37B2: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6C5D3829
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D1104
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D110B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$EnvironmentStrings$Free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2490078468-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 3d769d8beb60a4875ea1f06d9cb6f2709e8a137625c7a8cab2691474dfc94985
                                                                                                                                                                                                                                                                                        • Instruction ID: 5d3047a03de899f20012174273f4f05cd9d82025790857838eab0b3d1b0fd87b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d769d8beb60a4875ea1f06d9cb6f2709e8a137625c7a8cab2691474dfc94985
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23E06573E09B1086936196BE6C4159B16615BC237AB170366DC24CBBC1DB64EC8A015D
                                                                                                                                                                                                                                                                                        Function 0F088D08 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,-00000002,?,?,?,?,0F089E9E), ref: 0F088DD2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 3d7d4f2f0fbb6d8764dc46b50fcc66e74b4270785b1f73c5bea85516be427dc9
                                                                                                                                                                                                                                                                                        • Instruction ID: bbb7ace1b223b24e0dabb12230e444dada8e846f41e2254eefcacf55f45d7f52
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d7d4f2f0fbb6d8764dc46b50fcc66e74b4270785b1f73c5bea85516be427dc9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2312D313117008BD765EE28C588BE7B7E5EF45301F448969E99AC7262CB30B846CB50
                                                                                                                                                                                                                                                                                        Function 6C64CD39 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C645E3A: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6C6472FD,00000001,00000364,?,6C63904B,?,?,6C638AC1,?,00000054,?), ref: 6C645E7B
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C64CDA5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4040411153.000000006C5F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5F0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040383654.000000006C5F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C652000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C662000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C672000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C683000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C696000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041740019.000000006C6A3000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041774942.000000006C6A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5f0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 8fe15d31cecd705f1bd943fba5b7537a8d95c6ad685da50719aee2e80e67b4fd
                                                                                                                                                                                                                                                                                        • Instruction ID: a1191cc0a150b7ba3d3669a6b6a99a364e7c5633e2991b179e2276c23f3caa1c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8fe15d31cecd705f1bd943fba5b7537a8d95c6ad685da50719aee2e80e67b4fd
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E012B72204304ABE3218F69C840999FBE9EBC5334F25861DD59583780E730A809C66C
                                                                                                                                                                                                                                                                                        Function 0EE72468 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ResumeThread.KERNEL32(?,00000000,0EE72506,?,0F0283CC,00000000,00000000,?,0EE72D83,0F032E44,00000064,0F0283CC,00000000,0F032D8C,0F0283CC,00000001), ref: 0EE7249D
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE3B018: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 0EE3B05D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: LoadResumeStringThread
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2522707468-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 9d759235a2cf7f40a638840b10f863ab11184f03e194ab114de316455b1b2a29
                                                                                                                                                                                                                                                                                        • Instruction ID: 2866ae014ebd2b1110059995aec34949af6cfa77454d7faf17c492423c666629
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9d759235a2cf7f40a638840b10f863ab11184f03e194ab114de316455b1b2a29
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C4114870A0430CEBDB21DF74D8A4B197BE4EB4D318F50A894D9849B395D679ED84CB31
                                                                                                                                                                                                                                                                                        Function 0EE3DEDC Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000080,0EE747AC,00000000,00000000,0EE30000,00000000,00000000,00000000,00000000,00000000,00000000,80000000), ref: 0EE3DF1B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CreateWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 716092398-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 8e64869cad9ebd491d0db67b210395efc06e91ad90b013bd35d0deeb334d7e1c
                                                                                                                                                                                                                                                                                        • Instruction ID: b160c165b17e0e5817976060bca0552c9944bfab3e0144a6c790a55e69a470bc
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8e64869cad9ebd491d0db67b210395efc06e91ad90b013bd35d0deeb334d7e1c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6F07AB2604118AF8B84DEADDC84E9BB7ECEB9D2A0B155565FA18D3200D630ED108BA4
                                                                                                                                                                                                                                                                                        Function 6C645E3A Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6C6472FD,00000001,00000364,?,6C63904B,?,?,6C638AC1,?,00000054,?), ref: 6C645E7B
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C64AB64: jpeg_mem_term.JPEG62(?,?,?,?,6C645E6D,?,?,6C6472FD,00000001,00000364,?,6C63904B,?,?,6C638AC1,?), ref: 6C64AB85
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4040411153.000000006C5F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5F0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040383654.000000006C5F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C652000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C662000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C672000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C683000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C696000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041740019.000000006C6A3000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041774942.000000006C6A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5f0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocateHeapjpeg_mem_term
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2474226231-0
                                                                                                                                                                                                                                                                                        • Opcode ID: cc3b104f79b704c31927ee66629aafb281720ec100c6ec6a85cc8cc76f60ba71
                                                                                                                                                                                                                                                                                        • Instruction ID: 78877c6f35c03725132a672f83b6dc2e22a4645a69f5d984bf895df0fa90dd41
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc3b104f79b704c31927ee66629aafb281720ec100c6ec6a85cc8cc76f60ba71
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7FF0E93164E6256BEB115E679C04F9F7768AF42778F20C121EC14D7E80CB20D80686EE
                                                                                                                                                                                                                                                                                        Function 0EE36848 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateThread.KERNEL32(00000000,0F0283CC,0EE36810,00000000,?,0F0283CC), ref: 0EE36898
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CreateThread
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2422867632-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 621fad39c7316d90a6797182894cd4140fbb4454a80998cd5584a0ad23cc9c90
                                                                                                                                                                                                                                                                                        • Instruction ID: f61a03bda9361c2692410901f089da87194de82494c5ce4d9a1aad1e365dfdb4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 621fad39c7316d90a6797182894cd4140fbb4454a80998cd5584a0ad23cc9c90
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5AF04971604108AFD300CBAD9C48FABB7FCEB88761F208069F508CB650C6759D15C760
                                                                                                                                                                                                                                                                                        Function 0EE394A4 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(0EE30000,?,0000020A), ref: 0EE394C2
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE3A300: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0EE3A3BA,?,0EE30000,0F0ADA00), ref: 0EE3A33C
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE3A300: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0EE3A3BA,?,0EE30000,0F0ADA00), ref: 0EE3A38D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileModuleName$LibraryLoad
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4113206344-0
                                                                                                                                                                                                                                                                                        • Opcode ID: ceeb4d38f3249bd511526ddb8aef53e7b93af0284fac12449261a2c3062154f2
                                                                                                                                                                                                                                                                                        • Instruction ID: de8f55f04e747f1ca8784fe372e4e2e098a33846ab923b262ffa473507508703
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ceeb4d38f3249bd511526ddb8aef53e7b93af0284fac12449261a2c3062154f2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3E0ED75A103149BCB10DE6CC8C8A4677D4AB48754F145AA1ED58CF24BE371DD10C7D1
                                                                                                                                                                                                                                                                                        Function 0EEF6FBC Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(00000029,0EEF830C,0EEA4FE4,00000001,0EEA6B53,00000000,?,0F089319,00000001,?), ref: 0EEF6FCF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 0f44e213433121299d26c86ca3d431a75830f4a01dc22381f4220e09f86e05d1
                                                                                                                                                                                                                                                                                        • Instruction ID: 01ef12c779084775e5e7842fb0502bc908392f6957efd160cb23c2507b5f0f87
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0f44e213433121299d26c86ca3d431a75830f4a01dc22381f4220e09f86e05d1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70E0BF71210B608FE361CA69C484B93B7F8AF49215F44855DEACAC7751C771BC44CB50
                                                                                                                                                                                                                                                                                        Function 0EEF6F88 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(0EEF68AC,000000B9,0EEA4FE4,00000001,0EEA6B47,00000000,?,0F089319,00000001,?), ref: 0EEF6F9B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                        • Opcode ID: e57a6e2b36817d7caf79ce4a269a9cb39845df9a478d900ebba0d96516e372ca
                                                                                                                                                                                                                                                                                        • Instruction ID: 0d267892682ec863dc9845dc0fb8817f854dcced02488da6674129c05ae79910
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e57a6e2b36817d7caf79ce4a269a9cb39845df9a478d900ebba0d96516e372ca
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E1E0B6B1210B608FE321CA69C485B93B7F8AF49214F04895DEACAC7762C771BC44CB90
                                                                                                                                                                                                                                                                                        Function 0EE72514 Relevance: 1.5, APIs: 1, Instructions: 18threadCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetThreadPriority.KERNEL32(?,83C607EB,00000000,0F0283CC,0F032E35,00000064,0F0283CC,00000000,0F032D8C,0F0283CC,00000001,0F03406F,00000000,?,0F08941C), ref: 0EE72529
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE723EC: GetLastError.KERNEL32(00000004,0EE7253B,?,83C607EB,00000000,0F0283CC,0F032E35,00000064,0F0283CC,00000000,0F032D8C,0F0283CC,00000001,0F03406F,00000000,?), ref: 0EE723F3
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLastPriorityThread
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3452863325-0
                                                                                                                                                                                                                                                                                        • Opcode ID: cc5412cd006bc0513cbe749c90811f17a6ab47c5c593dfaebe6e4a0738b0b819
                                                                                                                                                                                                                                                                                        • Instruction ID: facb523d12e3a32bf471bfe28047b94493b6a43144b93141a8db28901e27434b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc5412cd006bc0513cbe749c90811f17a6ab47c5c593dfaebe6e4a0738b0b819
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DAD012B27009281F8614E5FD9CC0D5F62DD9B8D65B3158813F189C3220D76ADD69D7A1
                                                                                                                                                                                                                                                                                        Function 0589769C Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GlobalMemoryStatus.KERNEL32 ref: 058976A7
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: GlobalMemoryStatus
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1890195054-0
                                                                                                                                                                                                                                                                                        • Opcode ID: f23b0d69ea68cef7998a2f0742c3a907e5a147bbd4ce5730f4cd545623348215
                                                                                                                                                                                                                                                                                        • Instruction ID: 514a35695652d889f4c247ac9b40cd7b9d983759cb29e546890861385cfe1dc1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f23b0d69ea68cef7998a2f0742c3a907e5a147bbd4ce5730f4cd545623348215
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EFB092305046006BD624AB19894AB1EB694BB88224F884618A8EC86381D67A55648787
                                                                                                                                                                                                                                                                                        Function 0EE3A404 Relevance: 1.3, APIs: 1, Instructions: 57stringCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(?,00000000,?,00000000,0EE3A4A1,?,?,?,00000000), ref: 0EE3A46E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpyn
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 97706510-0
                                                                                                                                                                                                                                                                                        • Opcode ID: e4634e85bf8d1fc211e1b1593345789864e7622b1fa2b2d6640020f343138300
                                                                                                                                                                                                                                                                                        • Instruction ID: f3651dc57865cf1687fd4e15cfa540854685111d10e375e91a365a174cefc133
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e4634e85bf8d1fc211e1b1593345789864e7622b1fa2b2d6640020f343138300
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B411E07191021CEFCF20DB78CC8DAAAB7E8EF05754F6054B5E88897250D7B09D80C721
                                                                                                                                                                                                                                                                                        Function 0EE74630 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,0F07E694,0EEA4FE4,0EEA4FE4,?,0EEFACFC,0EEFD174,0EEA4FE4,00000000,0EEFADED,?,0EEA4FE4,0EEA4FE4), ref: 0EE7464E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                        • Opcode ID: f0350735a3673649eb460a543511f03ea4b4f28ec7a81114358dbd4868bfbff6
                                                                                                                                                                                                                                                                                        • Instruction ID: fa229f296288b7c34b0f8ef5e52fce090ce48237cc64766555f8fb20d97e25e6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f0350735a3673649eb460a543511f03ea4b4f28ec7a81114358dbd4868bfbff6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35115A746043099FC720DF68D880B86F7E5EF49751F20D97AE9A88B389D374E911CBA1
                                                                                                                                                                                                                                                                                        Function 0F032DC0 Relevance: 1.3, APIs: 1, Instructions: 42sleepCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000064,0F0283CC,00000000,0F032D8C,0F0283CC,00000001,0F03406F,00000000,?,0F08941C), ref: 0F032DCF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                        • Opcode ID: a44ce0f09d9f247172df28e3bdd38b20ed24a069df05faa80804b24bef0bb999
                                                                                                                                                                                                                                                                                        • Instruction ID: d9f325b8605f8e9ee52f192617c680c6b96f42061455b1e35aa6c296805be3db
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a44ce0f09d9f247172df28e3bdd38b20ed24a069df05faa80804b24bef0bb999
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 110121B4A007848FDB24EF68D48479537E6BB0935DF1850FAEE088F356C7B5A884DB64
                                                                                                                                                                                                                                                                                        Function 05896AA0 Relevance: 1.3, APIs: 1, Instructions: 38memoryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,003FFFFF,00002000,00000001,058A2638,?,059D0000,05897100,?,?,?), ref: 05896AF0
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 115e1531431a02de32faef21669a49b40cb6962e5b5e59cdf18dad9de2bc3048
                                                                                                                                                                                                                                                                                        • Instruction ID: bf3116c04931eeca154c4727d25cb0b583c25857c654fc01a168f8cecc19bb57
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 115e1531431a02de32faef21669a49b40cb6962e5b5e59cdf18dad9de2bc3048
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4DF0B4743502155FFB388A26AAD9B363A97F380394F388535FC02C6280F7F55C808611
                                                                                                                                                                                                                                                                                        Function 0EE32A88 Relevance: 1.3, APIs: 1, Instructions: 38memoryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,0EE33097,?,0EE3363C), ref: 0EE32A9E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                        • Opcode ID: e1b21d0411ad93774ba87ed83a53979ce738c515497cbc046c879a14b07745fe
                                                                                                                                                                                                                                                                                        • Instruction ID: 1920013534dfdc3f9c2c468fdbd3d99522db6a4ae5d4b4f8c131b65652750427
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e1b21d0411ad93774ba87ed83a53979ce738c515497cbc046c879a14b07745fe
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 38F049F0B113005FDB24DF799946301BAD6ABC9315F2081BDD689DB7A8EBB488019B40
                                                                                                                                                                                                                                                                                        Function 05896B34 Relevance: 1.3, APIs: 1, Instructions: 30memoryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNEL32(?,00001000,00001000,00000004,?,?,059D0000,05897205,?,?,?), ref: 05896B4E
                                                                                                                                                                                                                                                                                          • Part of subcall function 05896B80: VirtualFree.KERNEL32(?,?,00004000,05896B62,?,00001000,00001000,00000004,?,?,059D0000,05897205,?,?,?), ref: 05896B87
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Virtual$AllocFree
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2087232378-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 2e20ccc3770c403f58c22ca8d4566ff8a4d9ca3f0033f5c63bc157eab089c8ac
                                                                                                                                                                                                                                                                                        • Instruction ID: d9f69c308feffec9e87750932b3c7f7aebc4ef3f5da65fea77bcd173d5bb5dbf
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2e20ccc3770c403f58c22ca8d4566ff8a4d9ca3f0033f5c63bc157eab089c8ac
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8BE04F72F4026127FB36143E5E85BA7548A6B887F2F1D4131BE44EB288F994CC410090
                                                                                                                                                                                                                                                                                        Function 058974C4 Relevance: .2, Instructions: 156COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 7a3bc842f3b743c6a864a09268e6cfa419d12b8f4fb829198459c1e3cf928d77
                                                                                                                                                                                                                                                                                        • Instruction ID: 4c6bf48c8a4526735ea294d9c4fd7daecc9f68adf6176d1641cf3ef687f75611
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a3bc842f3b743c6a864a09268e6cfa419d12b8f4fb829198459c1e3cf928d77
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E5100756252418FDB1DCF18D581924BBA2FB8632472DC7A9D81ACB3A5D731EC81CB84
                                                                                                                                                                                                                                                                                        Function 05899548 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 4b2117e90c47f33672aaba4ff642eb26b74ed9ca12650923517d1a99ce0265f9
                                                                                                                                                                                                                                                                                        • Instruction ID: 3888053289a033f026561b119ff1abdb73be335ea37911247e58d5a6c9d35fe1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4b2117e90c47f33672aaba4ff642eb26b74ed9ca12650923517d1a99ce0265f9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0111222060838456EF1DCF2C88DAB7A7B92AB82304F0C029CDD62CA1C7EB65C914C782
                                                                                                                                                                                                                                                                                        Function 05899094 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: b73a65a9e7c5ca879538899965e400ceb2f8946f3e2ac52c79cc75b95e9596d2
                                                                                                                                                                                                                                                                                        • Instruction ID: 166ee6c46ab96a3aeda781a7329ddcf5db0db999d6d93e10c509785bcda6ced2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b73a65a9e7c5ca879538899965e400ceb2f8946f3e2ac52c79cc75b95e9596d2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B01AD71504314CA8F1D8F19DA895627BB8FF4576870DC0AEEC19CB205DB75CA04CBA5
                                                                                                                                                                                                                                                                                        Function 0589749C Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 0b5e46b5fc57bd884eb43f10fa0b29274476d7cd02511470abd0302654b9e5ac
                                                                                                                                                                                                                                                                                        • Instruction ID: 95f0d79bf530761278f1531447b3a8cb84c094ad360a5ac0212cda38f5902bf6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b5e46b5fc57bd884eb43f10fa0b29274476d7cd02511470abd0302654b9e5ac
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 64D012B237C30C29AE0CA5FD784AE6A3BCDD785568F1C8856FC0CC6547F916EC900059
                                                                                                                                                                                                                                                                                        Function 05896CEC Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 815500d11b0a9e94cfc11f24f85889a62f05754ee722cfdee35ee2f2bd5d3a58
                                                                                                                                                                                                                                                                                        • Instruction ID: 45a0fca744f07a193094b2540bbb6be03d3013e1dac3244ead886b1853f348b2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 815500d11b0a9e94cfc11f24f85889a62f05754ee722cfdee35ee2f2bd5d3a58
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5DC09B365493086BDB1467D9F80A9C53B9CD748776F140005F90DC7181DD67F48047E5
                                                                                                                                                                                                                                                                                        Function 05896C54 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 9b7fc6c50657e5f919f2c14fe7e10cc2bfd65b7c04aa8eba548e4c909ae2f710
                                                                                                                                                                                                                                                                                        • Instruction ID: 0c4e3f413683d11f52853da1a610e55582208de7ec550770989c3bdd65c0dd9c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b7fc6c50657e5f919f2c14fe7e10cc2bfd65b7c04aa8eba548e4c909ae2f710
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 51B0123641930C9B9B005AD8F80A8C53BDCD64C631B000001F90D83100DE31F44047A4

                                                                                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                                                                                        Function 0F095BC0 Relevance: 128.0, APIs: 2, Strings: 82, Instructions: 2044COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0F111038,?,0F097D9C,?), ref: 0F095CE0
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F095AC4: EnterCriticalSection.KERNEL32(0F111020,00000000,0F095BB2,?,?,?,0F097A8A), ref: 0F095B14
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F095AC4: LeaveCriticalSection.KERNEL32(0F111020,0F095B9C,0F111020,00000000,0F095BB2,?,?,?,0F097A8A), ref: 0F095B8F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Enter$Leave
                                                                                                                                                                                                                                                                                        • String ID: ADDPRINTER$ADDPRINTER "$Arial$BUFFERED$BUFFERRES$CHECKEXIST$COLLATE$COPIES$DEBUGMODE$DIALOG$DISABLEAA$DONTSETDEVMODE$DONTWAIT$DUPLEX$EQUALXOFF$FOOTER-C$FOOTER-L$FOOTER-R$FOOTERC$FOOTERFONT$FOOTERL$FOOTERR$FOOTERSIZE$FROM$HEADER-C$HEADER-L$HEADER-R [#]/[##]$HEADERC$HEADERFONT$HEADERL$HEADERR$HEADERSIZE$HEADFOOTTEST$JBIG2TOOL$LIMITA3$LISTPRINTER$LISTTRAY$LOGFILE$LOWQUALITY$MEDIATYPE$MEMORY.PDF$MEMORYSIZE$NO_OFFSET$OUTLINEFONTS$OVERPAGE$PAPERBIN$PAPERLENGTH$PAPERSIZE$PAPERWIDTH$PRINTER$PRINTERNAME$PRINTRANGE$PROGRESSWND$QUIET$RANGE$STDGDI$STRETCH$Selected Printer is $Switching to Printer $TITLE$TRAY1$TRAY2$There are no printers visible to this application$USEBITMAP$WATERMARK$WRITEPRINTER$WRITEPRINTER expects hex encoded data!$WRITEPRINTERAFTER$WRITEPRINTERAFTER expects hex encoded data!$WRITEPRINTERBEFORE$WRITEPRINTERBEFORE expects hex encoded data!$WRITEPRINTERBEFORESTART$WRITEPRINTERBEFORESTART expects hex encoded data!$WRITEPRINTERFIRSTPAGE$WRITEPRINTERFIRSTPAGE expects hex encoded data!$WRITEPRINTERNEXTPAGE$WRITEPRINTERNEXTPAGE expects hex encoded data!$pdfPrint: File not found $pdfPrint: Loaded %d pages$pdfPrint: PDF was not loaded$wPDF-Printer $wPDFSDK - cannot locate printer "
                                                                                                                                                                                                                                                                                        • API String ID: 2801635615-3506632881
                                                                                                                                                                                                                                                                                        • Opcode ID: 45dfdfbb2121c2360343a1509d6d5616620fc7579a21ebc96b01e04b02f4e434
                                                                                                                                                                                                                                                                                        • Instruction ID: 814f3d97c509076cd960761faf8f80a7857d56312afb713ab1069405c5d46a95
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 45dfdfbb2121c2360343a1509d6d5616620fc7579a21ebc96b01e04b02f4e434
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60131774A0425D8FCF10EB68C884BDEB7F1AF49300F5489A5E409AB356EB35AE85DF50
                                                                                                                                                                                                                                                                                        Function 0F069D78 Relevance: 70.8, APIs: 38, Strings: 2, Instructions: 789fileCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetAbortProc.GDI32(00000000,0F068D4C,00000000), ref: 0F069F41
                                                                                                                                                                                                                                                                                        • SetAbortProc.GDI32(00000000,0F068D4C,00000000,0F068D4C,00000000), ref: 0F069F66
                                                                                                                                                                                                                                                                                        • EndPage.GDI32(00000000), ref: 0F069F9B
                                                                                                                                                                                                                                                                                        • StartPage.GDI32(00000000), ref: 0F069FB9
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 0F06A028
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0F06A03F
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 0F06A058
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0F06A06F
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 0F06A0A1
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0F06A0C2
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000006E), ref: 0F06A0FA
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000006F), ref: 0F06A112
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000070), ref: 0F06A12A
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000070), ref: 0F06A14D
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000071), ref: 0F06A16C
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 0F06A188
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000070), ref: 0F06A19E
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0F06A1BB
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000071), ref: 0F06A1D1
                                                                                                                                                                                                                                                                                        • SaveDC.GDI32(00000000), ref: 0F06A20E
                                                                                                                                                                                                                                                                                        • SetMapMode.GDI32(00000000,00000001), ref: 0F06A239
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(0F06B779,00000000,00000048), ref: 0F06A242
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(0F06B779,00000000,00000048), ref: 0F06A250
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 0F06A37A
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0F06A392
                                                                                                                                                                                                                                                                                        • PlayEnhMetaFile.GDI32(00000000,?,00000000), ref: 0F06A3C7
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(0F06B779,00000078,00000048), ref: 0F06A461
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(0F06B779,00000078,00000048), ref: 0F06A478
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(0F06B779,000000C8,00000048), ref: 0F06A4AF
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(0F06B779,000000C8,00000048), ref: 0F06A4C8
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 0F06A4E7
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0F06A4FF
                                                                                                                                                                                                                                                                                        • PlayEnhMetaFile.GDI32(00000000,?,?), ref: 0F06A5AE
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(?,0000005A), ref: 0F06A61F
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(?,00000008), ref: 0F06A62F
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(?,0000000A), ref: 0F06A63B
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CapsDevice$AbortFileMetaPagePlayProc$ModeSaveStart
                                                                                                                                                                                                                                                                                        • String ID: Page $Printing not allowed!
                                                                                                                                                                                                                                                                                        • API String ID: 2380074485-545845978
                                                                                                                                                                                                                                                                                        • Opcode ID: c802c5bdf969fed4498d99c084c1830e79a91a6cf92787d91567bec27cf6e112
                                                                                                                                                                                                                                                                                        • Instruction ID: 83f201f310f313738d5cb360e1beebe7d8792314745d3879be7810b908214545
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c802c5bdf969fed4498d99c084c1830e79a91a6cf92787d91567bec27cf6e112
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 41620B70A00209AFDB50FBB8C985BDDBBF5AF49300F6554A5F504BB2A2CB78AD44CB51
                                                                                                                                                                                                                                                                                        Function 0EFCFFA0 Relevance: 50.1, Strings: 39, Instructions: 1379COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: is password protected!$ obj$0000000000 65535 f$AESV2$AESV3$CFM$Cannot decrypt this file!$Cannot open PDF file without password!$Creator$ERROR in XREF Table$Encrypt$EncryptMetadata$File $Filter$Index$Length$None$Prev$Producer$Root$Size$Standard$StdCF$adobe pdf$canon ir2020$d2evision$distiller$expressprinting$ghostscript$infoprint server$meta reports$oracle$password="$pdfscanlib$scanfront$synactis$trailer$wpcubed$xref
                                                                                                                                                                                                                                                                                        • API String ID: 0-2493714411
                                                                                                                                                                                                                                                                                        • Opcode ID: 9aad0b7c73b788976b914a08574e0ed3d19046f5073e63605cbf25b39ef12b23
                                                                                                                                                                                                                                                                                        • Instruction ID: 4583da367adabd4c6448fbba46e1372580b479a45a1b0ff1d4678ea0af3668ee
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9aad0b7c73b788976b914a08574e0ed3d19046f5073e63605cbf25b39ef12b23
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8D23B74E0521A8FDB10DB64C898BEEBBF2AF44304F1885E5D808AB355DB74AD89CF51
                                                                                                                                                                                                                                                                                        Function 0EE85770 Relevance: 48.5, APIs: 32, Instructions: 503windowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetObjectW.GDI32(00000000,00000054,?), ref: 0EE857F0
                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 0EE85801
                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 0EE85812
                                                                                                                                                                                                                                                                                        • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 0EE8585E
                                                                                                                                                                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0EE85882
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 0EE85ADF
                                                                                                                                                                                                                                                                                        • SelectPalette.GDI32(?,00000000,00000000), ref: 0EE85B1F
                                                                                                                                                                                                                                                                                        • RealizePalette.GDI32(?), ref: 0EE85B2B
                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 0EE85B94
                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,00000000), ref: 0EE85BAF
                                                                                                                                                                                                                                                                                        • SetDIBColorTable.GDI32(?,00000000,00000002,00000000,?,00000000,?,00000000,?,00000000,00000000,0EE85D3F,?,00000000,0EE85D61), ref: 0EE85BF8
                                                                                                                                                                                                                                                                                        • FillRect.USER32(?,?,?), ref: 0EE85B7C
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE7E910: GetSysColor.USER32(00000028), ref: 0EE7E91A
                                                                                                                                                                                                                                                                                        • PatBlt.GDI32(?,00000000,00000000,?,?,00FF0062), ref: 0EE85C1A
                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 0EE85C2D
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 0EE85C50
                                                                                                                                                                                                                                                                                        • SelectPalette.GDI32(?,00000000,00000000), ref: 0EE85C6C
                                                                                                                                                                                                                                                                                        • RealizePalette.GDI32(?), ref: 0EE85C77
                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 0EE85C95
                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,00000000), ref: 0EE85CB0
                                                                                                                                                                                                                                                                                        • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0EE85CD8
                                                                                                                                                                                                                                                                                        • SelectPalette.GDI32(?,00000000,000000FF), ref: 0EE85CEA
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 0EE85CF4
                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 0EE85D0F
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE7FB84: EnterCriticalSection.KERNEL32(0EE87DDA,?,?,?,00000000,0EE85DC1,?,00000000,00000000,?,?,?,0EE86270,?,?,00000000), ref: 0EE7FBAC
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE7FB84: CreateBrushIndirect.GDI32(?), ref: 0EE7FC39
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE7FB84: LeaveCriticalSection.KERNEL32(?,0EE7FC6D,0EE87DDA,?,?,?,00000000,0EE85DC1,?,00000000,00000000,?,?,?,0EE86270,?), ref: 0EE7FC60
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ColorSelect$CreatePalette$Object$Compatible$BitmapCriticalRealizeSectionText$BrushDeleteEnterFillIndirectLeaveRectTable
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3271313764-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 3f6fed71711f48db4352c4ec3e83542e39220ed4da06468ae8b579f2f4bcbe76
                                                                                                                                                                                                                                                                                        • Instruction ID: 0022f7753cebee016882800e876c70ae284fe9ee292da93cb3058b715775c420
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f6fed71711f48db4352c4ec3e83542e39220ed4da06468ae8b579f2f4bcbe76
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0312C675A10208AFDB10EFA8C994F9EB7F8EB08314F519955F918EB2A1C774ED84CB50
                                                                                                                                                                                                                                                                                        Function 0EFDC404 Relevance: 35.8, Strings: 28, Instructions: 787COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: A85$AHx$ASCII85DECODE$ASCIIHexDecode$BlackIs1$CCF$CCITTFaxDecode$Columns$DCT$DCTDecode$DecodeParms$Dont know how to $EncodedByteAlign$EndOfLine$FLATEDECOD$FLATEDECODE$Height$JBIG2Decode$JBIG2Globals$JPXDecode$LZW$LZWDECODE$RLE$RUNLENGTHD$RUNLENGTHDECODE$Rows$Width$Wrong Syntax for "Filter" (2)
                                                                                                                                                                                                                                                                                        • API String ID: 0-1414192544
                                                                                                                                                                                                                                                                                        • Opcode ID: 4254f0f93390603c0c7f2c4a679e6db35283a684b7e4ed88a77a492cdfaa0e87
                                                                                                                                                                                                                                                                                        • Instruction ID: 4cfeb6e7cb8d27e8c44eac1c9e4d27b7383262723ff5685b93445531a5a85788
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4254f0f93390603c0c7f2c4a679e6db35283a684b7e4ed88a77a492cdfaa0e87
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 18723C74A042099FCB10EF78C898A9EBBF6EF49354F2485A5E814DB355DB30ED89CB50
                                                                                                                                                                                                                                                                                        Function 6C5C3050 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 280memoryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,?), ref: 6C5C306B
                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 6C5C3072
                                                                                                                                                                                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 6C5C30DF
                                                                                                                                                                                                                                                                                        • GlobalSize.KERNEL32(?), ref: 6C5C3117
                                                                                                                                                                                                                                                                                        • GlobalHandle.KERNEL32(?), ref: 6C5C3124
                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 6C5C3127
                                                                                                                                                                                                                                                                                        • GlobalHandle.KERNEL32(?), ref: 6C5C312E
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 6C5C3131
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Global$Handle$AllocFreeLockSizeUnlockXinvalid_argumentstd::_
                                                                                                                                                                                                                                                                                        • String ID: list<T> too long
                                                                                                                                                                                                                                                                                        • API String ID: 222629620-4027344264
                                                                                                                                                                                                                                                                                        • Opcode ID: 6a33ae92cb0a2237d7d249da4f5a31a61cc6d71b5e4928f18164c87d112a7bec
                                                                                                                                                                                                                                                                                        • Instruction ID: 3286960fd9a653f49c691ab2fed5a39ad560ba67d3722ec0848635e4ae00be60
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6a33ae92cb0a2237d7d249da4f5a31a61cc6d71b5e4928f18164c87d112a7bec
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3916D71B002199FCB04DFA9CC909AEB7B5FB8931471585AEE81ADB650DB30AD04CB91
                                                                                                                                                                                                                                                                                        Function 0EE39E64 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 152stringlibraryfileCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?), ref: 0EE39E81
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetLongPathNameW), ref: 0EE39E98
                                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,?), ref: 0EE39EC8
                                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,?,kernel32.dll,?,?,?), ref: 0EE39F37
                                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,?,?,?), ref: 0EE39F7F
                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,?,?,?), ref: 0EE39F92
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,?,?,?), ref: 0EE39FA8
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,?,?,?), ref: 0EE39FB4
                                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,?,?), ref: 0EE39FF0
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,?), ref: 0EE39FFC
                                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 0EE3A01F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                                                                                                                                                                        • String ID: GetLongPathNameW$\$kernel32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 3245196872-3908791685
                                                                                                                                                                                                                                                                                        • Opcode ID: de13a41f58af69fec7b284a74e7808f7703a4ca380d3dbff53f45fca4b82f3a3
                                                                                                                                                                                                                                                                                        • Instruction ID: 532bc722a3782bc9455b445dab2f735cb8e06c2b6a78404b622843ecccdc9619
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de13a41f58af69fec7b284a74e7808f7703a4ca380d3dbff53f45fca4b82f3a3
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71518371E0061DAFCB10DAB8CC88ADE73F9AB48310F2459A59648E7254E775DF80CF55
                                                                                                                                                                                                                                                                                        Function 1023590A Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 246COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: ./\
                                                                                                                                                                                                                                                                                        • API String ID: 0-3176372042
                                                                                                                                                                                                                                                                                        • Opcode ID: ee97021eb51b14d6d126fc2a8627b242cfbbcac2dd4cda9990a6d65b4c2bc111
                                                                                                                                                                                                                                                                                        • Instruction ID: 4009dcb58ed6c686c6e0b1b7a0fbb3a8860b6e979e366a828689abe840da6fe8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee97021eb51b14d6d126fc2a8627b242cfbbcac2dd4cda9990a6d65b4c2bc111
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67914FB5800229AACB20DFA58C45AEFB7FCFF0C716F10455AF948EA150E738DA50DB61
                                                                                                                                                                                                                                                                                        Function 102331ED Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 90libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(user32.dll,1034C744,0000000C,?), ref: 10233205
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 10233221
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 10233232
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 1023323F
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 10233255
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 10233266
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                        • String ID: $GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$user32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 2238633743-752805172
                                                                                                                                                                                                                                                                                        • Opcode ID: ceb4dc8fdaa9aeb67a7e740e58d5863aecb09499a7191494e40d7e3676440c55
                                                                                                                                                                                                                                                                                        • Instruction ID: e28e30350a8ea95fa6206e4432c6bd7516cab9c3a036c95c8e409590408a7ac7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ceb4dc8fdaa9aeb67a7e740e58d5863aecb09499a7191494e40d7e3676440c55
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6421FBB161021AABE7519F748CC4FA73BACEB4D686F14412AFD04E6251D770DE14D760
                                                                                                                                                                                                                                                                                        Function 0F06B05C Relevance: 14.6, APIs: 4, Strings: 4, Instructions: 602windowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE378A0: SysAllocStringLen.OLEAUT32(?,?), ref: 0EE378AE
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000044E,0000006E,?), ref: 0F06B557
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000044E,00000074,00000001), ref: 0F06B598
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000044E,0000006F,00000000), ref: 0F06B60B
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000044E,00000070,00000000), ref: 0F06B74B
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$AllocString
                                                                                                                                                                                                                                                                                        • String ID: SELECTED$even$odd$selected
                                                                                                                                                                                                                                                                                        • API String ID: 348148221-1777954622
                                                                                                                                                                                                                                                                                        • Opcode ID: 45755de3086cdbb0d69b32921b8bc082cfc46bf0b57e21007f06224706fe38af
                                                                                                                                                                                                                                                                                        • Instruction ID: 9d20f6acfb26f04ad0ee192c75daa5c0a5cef8b9427e630b040a238a019e1714
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 45755de3086cdbb0d69b32921b8bc082cfc46bf0b57e21007f06224706fe38af
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF3215F0A002499FDB10DFA9C984BAEBBF5EF84314F5484A5E804EB262D775ED85CB50
                                                                                                                                                                                                                                                                                        Function 1001B1C0 Relevance: 14.3, Strings: 10, Instructions: 1796COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: colormap id: 0x%lx$ red, green, blue max: %lu %lu %lu$ red, green, blue mult: %lu %lu %lu$...$Standard Colormap:$UnableToCreateColormap$UnableToDitherImage$XMakeStandardColormap$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\xwindow.c$`%s'
                                                                                                                                                                                                                                                                                        • API String ID: 0-4237211512
                                                                                                                                                                                                                                                                                        • Opcode ID: 0df501baa2869edc138f42fad33634dd705785a56d694588fbcf3f952fb4d403
                                                                                                                                                                                                                                                                                        • Instruction ID: 7cd2b150f3108bfe8490f1037bfd7518dc1d2d572b224c464bf0c88b2bc1b1a2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0df501baa2869edc138f42fad33634dd705785a56d694588fbcf3f952fb4d403
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70E2CCB46087009BD318CF55C884A6BB7F9FFC9744F518A1CF8899B225D734E899CB92
                                                                                                                                                                                                                                                                                        Function 0F030C70 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 208sleepCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 0F030F21
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F028794: EnterCriticalSection.KERNEL32(?,?,?,0F0301B6,00000000,0F08A37C,00000000,0F08A469,?,00000000,0F08A48C,?,?,?,?), ref: 0F02879F
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F028794: LeaveCriticalSection.KERNEL32(?,?,?,?,0F0301B6,00000000,0F08A37C,00000000,0F08A469,?,00000000,0F08A48C,?,?,?,?), ref: 0F0287B2
                                                                                                                                                                                                                                                                                        • InterlockedIncrement.KERNEL32(-00000048), ref: 0F030CE3
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A,-00000048), ref: 0F030CEC
                                                                                                                                                                                                                                                                                        • InterlockedCompareExchange.KERNEL32(-00000050,00000000,00000000), ref: 0F030D07
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 0F030D19
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,0F030D5D), ref: 0F030D50
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Interlocked$EnterLeave$CompareDecrementExchangeIncrementSleep
                                                                                                                                                                                                                                                                                        • String ID: Initialize Viewer Stage 1$Stop Thread
                                                                                                                                                                                                                                                                                        • API String ID: 1632168941-2715198399
                                                                                                                                                                                                                                                                                        • Opcode ID: 7bcd6690103412e08b376b4fe58b24511a32829ea3e53365fe612ee579ec92d8
                                                                                                                                                                                                                                                                                        • Instruction ID: bd83c6e9c5607671fc53d91abd265a492bc8179e0c0b4f0bc8875a9b227753d6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7bcd6690103412e08b376b4fe58b24511a32829ea3e53365fe612ee579ec92d8
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7191E574A01605EFDB15DFA9C584A9DB3FAFF48204F6982F5E8089B726C770AE41DB40
                                                                                                                                                                                                                                                                                        Function 10058E50 Relevance: 12.9, APIs: 2, Strings: 5, Instructions: 625COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 10015630: Sleep.KERNEL32(?), ref: 10015646
                                                                                                                                                                                                                                                                                          • Part of subcall function 1001E720: Sleep.KERNEL32(00000032,?,?,?,?,?,?,?,?,?,?,?,?,?,10058EB9,?), ref: 1001E763
                                                                                                                                                                                                                                                                                          • Part of subcall function 1001E720: Sleep.KERNEL32(00000064,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1001E7FC
                                                                                                                                                                                                                                                                                        • __time32.LIBCMT ref: 100590CB
                                                                                                                                                                                                                                                                                        • __time32.LIBCMT ref: 100590F2
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Sleep$__time32
                                                                                                                                                                                                                                                                                        • String ID: @$Dismiss$Notice$XNoticeWidget$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\widget.c
                                                                                                                                                                                                                                                                                        • API String ID: 1079554827-1588282503
                                                                                                                                                                                                                                                                                        • Opcode ID: eddbf3375511f50b131a4f0cbc6d200da0c70c4eee23ef7997fbc35043c155cc
                                                                                                                                                                                                                                                                                        • Instruction ID: c068e369da7f1d22c2df6e561ea5fad0ad8d2635cd9a24cbabfd1ce2df9fd67c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eddbf3375511f50b131a4f0cbc6d200da0c70c4eee23ef7997fbc35043c155cc
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1C3291756043829FD724CF24C880BAF77E6EFC6344F14891CE9898B245EB71A949CB92
                                                                                                                                                                                                                                                                                        Function 0F089EE0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 163COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalEnterSection
                                                                                                                                                                                                                                                                                        • String ID: Initialize Painter$Initialize Viewer$Load from file: $UpdateStatus
                                                                                                                                                                                                                                                                                        • API String ID: 1904992153-4154364625
                                                                                                                                                                                                                                                                                        • Opcode ID: f71eb9bd728791a47da3184c65a13979331dd960a6186e7bd1447b8ad72ebca7
                                                                                                                                                                                                                                                                                        • Instruction ID: a5c8b71c43500d09485d84aea0fb8c8c79028f4e663ddb3a282972054abd9d07
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f71eb9bd728791a47da3184c65a13979331dd960a6186e7bd1447b8ad72ebca7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78610974B00208AFDB05EF69C895AEEBBF1EF49310F5584F5E8849B752CA34AD42CB50
                                                                                                                                                                                                                                                                                        Function 6C5C5240 Relevance: 11.3, APIs: 1, Strings: 5, Instructions: 772COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Read_dir
                                                                                                                                                                                                                                                                                        • String ID: .8bf$ENTRYPOINT$PiMI$PiPL$_8BFM
                                                                                                                                                                                                                                                                                        • API String ID: 3526490388-848145555
                                                                                                                                                                                                                                                                                        • Opcode ID: 8a16febf31238b43f64b92ecbd68e5bb111752afc32248ee837d464cd468e4f9
                                                                                                                                                                                                                                                                                        • Instruction ID: 9282f14b06c278eedc6a74dc1c6106b9443a6121fa8611156d27fa357061798c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8a16febf31238b43f64b92ecbd68e5bb111752afc32248ee837d464cd468e4f9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F724B71A01268DBDB25DBA4CC88BDDB7B9AF54308F5081D9D409A7650EB34AFC8CF52
                                                                                                                                                                                                                                                                                        Function 10016730 Relevance: 10.8, Strings: 8, Instructions: 756COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: #d6d6d6d6d6d6$...$ColorIsNotKnownToServer$ImageMagick$UnableToGetPixelInfo$XGetPixelPacket$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\xwindow.c$`%s'
                                                                                                                                                                                                                                                                                        • API String ID: 0-1096673297
                                                                                                                                                                                                                                                                                        • Opcode ID: 391dab3ee6d04cf02f4bcf89b82af8418b927ed88721b4f21ee6063ddb08182b
                                                                                                                                                                                                                                                                                        • Instruction ID: d15a8b438143bc60db1da9055d6e0f6517720f93dcd0f6234f03f3127777ed79
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 391dab3ee6d04cf02f4bcf89b82af8418b927ed88721b4f21ee6063ddb08182b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA52CE75A04B019BC318CF16C98592AFBFAFF8A304F41861DF8898B665D735F468CB91
                                                                                                                                                                                                                                                                                        Function 10054EC0 Relevance: 9.4, Strings: 7, Instructions: 672COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: ...$@$MemoryAllocationFailed$XCommandWidget$Z$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\widget.c$`%s'
                                                                                                                                                                                                                                                                                        • API String ID: 0-3965758327
                                                                                                                                                                                                                                                                                        • Opcode ID: 28f31d95b855d3c73a055c62d8693cdccc6af26f3925e554749e94cf3ca59172
                                                                                                                                                                                                                                                                                        • Instruction ID: 14d1f545129c48043a0fce6f8274e443955d1bdc833344b273062000e9ecad10
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28f31d95b855d3c73a055c62d8693cdccc6af26f3925e554749e94cf3ca59172
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3842AAB5A007158FD718CF28CC94A9AB7E5FB89304F15862DE949CB362E731E849CF91
                                                                                                                                                                                                                                                                                        Function 6C62A4C0 Relevance: 9.3, APIs: 6, Instructions: 338COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • jpeg_fill_bit_buffer.JPEG62(?,?,?,00000000), ref: 6C62A5D6
                                                                                                                                                                                                                                                                                        • jpeg_huff_decode.JPEG62(?,?,?,?,?), ref: 6C62A616
                                                                                                                                                                                                                                                                                        • jpeg_fill_bit_buffer.JPEG62(?,?,?,00000001), ref: 6C62A689
                                                                                                                                                                                                                                                                                        • jpeg_fill_bit_buffer.JPEG62(?,?,?,00000001), ref: 6C62A73B
                                                                                                                                                                                                                                                                                        • jpeg_fill_bit_buffer.JPEG62(?,?,?,00000000), ref: 6C62A81C
                                                                                                                                                                                                                                                                                        • jpeg_fill_bit_buffer.JPEG62(?,?,?,00000001), ref: 6C62A8A2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4040411153.000000006C5F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5F0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040383654.000000006C5F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C652000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C662000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C672000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C683000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C696000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041740019.000000006C6A3000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041774942.000000006C6A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5f0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: jpeg_fill_bit_buffer$jpeg_huff_decode
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 23109129-0
                                                                                                                                                                                                                                                                                        • Opcode ID: ee4fdfea59d680f94cd72cd9b0d58eaf873fcd530413c8b802c8be5650b60a76
                                                                                                                                                                                                                                                                                        • Instruction ID: d4a3715164f3ae1d2b79bd3fd7c9dd6b61decda41b954c00dfae917027a98d12
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee4fdfea59d680f94cd72cd9b0d58eaf873fcd530413c8b802c8be5650b60a76
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7E11875E012288BCB28CF19C881BD9B3B5EF49314F1441EAD989A7742D7B5AEC1CF94
                                                                                                                                                                                                                                                                                        Function 1022BBD5 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 134COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _TranslateName.LIBCMT ref: 1022BC30
                                                                                                                                                                                                                                                                                        • _TranslateName.LIBCMT ref: 1022BC79
                                                                                                                                                                                                                                                                                        • IsValidCodePage.KERNEL32(00000000,10394EE0,?,10394E58,10223C7D,?,103BC1FC,?,?,00000000,?), ref: 1022BCDD
                                                                                                                                                                                                                                                                                        • IsValidLocale.KERNEL32(00000001), ref: 1022BCF3
                                                                                                                                                                                                                                                                                          • Part of subcall function 1022BAC3: _strlen.LIBCMT ref: 1022BAC9
                                                                                                                                                                                                                                                                                          • Part of subcall function 1022BAC3: EnumSystemLocalesA.KERNEL32(1022B6C1,00000001,?,10394E58,10223C7D,?,103BC1FC,?,?,00000000,?), ref: 1022BAE3
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: NameTranslateValid$CodeEnumLocaleLocalesPageSystem_strlen
                                                                                                                                                                                                                                                                                        • String ID: Norwegian-Nynorsk
                                                                                                                                                                                                                                                                                        • API String ID: 3216505715-461349085
                                                                                                                                                                                                                                                                                        • Opcode ID: 3536a97d475b212d8e62568967bffe0ced1727c1f864c80e4d7ca7c9adc59bd7
                                                                                                                                                                                                                                                                                        • Instruction ID: f752d1f9edf1e8673762227b772fd3f25fe01bc24b0d16d97028114603d2e4c0
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3536a97d475b212d8e62568967bffe0ced1727c1f864c80e4d7ca7c9adc59bd7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6411D715142969EDB339FF2BCC0A9533D4EB86385BE1412BE545DB150DA30BC60CF21
                                                                                                                                                                                                                                                                                        Function 0EFCC380 Relevance: 7.9, Strings: 6, Instructions: 434COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: $%PDF-1.$Unknown file format$XXXXXXXN$Z$xref
                                                                                                                                                                                                                                                                                        • API String ID: 0-2680113747
                                                                                                                                                                                                                                                                                        • Opcode ID: db99bb1df1e83f8489eaef490c88079f232d32af132a3d1cf510a1856cb586e4
                                                                                                                                                                                                                                                                                        • Instruction ID: c69b3cc4d8f2149d1808398e8732c9002e2f7719f0504e41ff3f225c71f38b56
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: db99bb1df1e83f8489eaef490c88079f232d32af132a3d1cf510a1856cb586e4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13022970E0024ADFDB10DBB8C6A4AAEFBF1EF48300F60856AD449E7255DB34AE45DB50
                                                                                                                                                                                                                                                                                        Function 100299B0 Relevance: 7.7, Strings: 6, Instructions: 226COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: %08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx$MemoryAllocationFailed$Signature$SignatureImage$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\signature.c$`%s'
                                                                                                                                                                                                                                                                                        • API String ID: 0-4238622100
                                                                                                                                                                                                                                                                                        • Opcode ID: d9954ac72d266631a714dd167c9f92952ae96896d877b23d0bcd76ec269ce8c0
                                                                                                                                                                                                                                                                                        • Instruction ID: 78fee2a8dd778c7e64e50d8a0d255b75e70f100771fa67ba7395f8f5e3f27e6e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d9954ac72d266631a714dd167c9f92952ae96896d877b23d0bcd76ec269ce8c0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 287148702097819FD319CBA89C80A9B77D9EFDE704F54862CF5C99B347D671A806C3A2
                                                                                                                                                                                                                                                                                        Function 10017570 Relevance: 7.1, Strings: 5, Instructions: 875COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: ...$MemoryAllocationFailed$XGetWindowImage$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\xwindow.c$`%s'
                                                                                                                                                                                                                                                                                        • API String ID: 0-2476234802
                                                                                                                                                                                                                                                                                        • Opcode ID: 3a3f071f4d28d2d8667ab55bf67fe94ca59291d1416ae217d902cfede34de8f2
                                                                                                                                                                                                                                                                                        • Instruction ID: 1a0596f1e7f37efb7629e40c785d20c0bdd7d064b35a90447fbc6eaec5c8f9ce
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a3f071f4d28d2d8667ab55bf67fe94ca59291d1416ae217d902cfede34de8f2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0726D746087029FC314DF58C880A6BB7F5FF88744F558A2DE8898B356E731E985CB92
                                                                                                                                                                                                                                                                                        Function 10020510 Relevance: 7.1, Strings: 5, Instructions: 872COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • ..., xrefs: 1002052A
                                                                                                                                                                                                                                                                                        • XMakeMagnifyImage, xrefs: 10020534
                                                                                                                                                                                                                                                                                        • Magnify %luX, xrefs: 10020627
                                                                                                                                                                                                                                                                                        • \Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\xwindow.c, xrefs: 10020539
                                                                                                                                                                                                                                                                                        • %+d%+d %s , xrefs: 10020F1A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: %+d%+d %s $...$Magnify %luX$XMakeMagnifyImage$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\xwindow.c
                                                                                                                                                                                                                                                                                        • API String ID: 0-2579791802
                                                                                                                                                                                                                                                                                        • Opcode ID: d1287c398c378f0487214116e5089259a3233e1755d70d8a8c28944ac1817e34
                                                                                                                                                                                                                                                                                        • Instruction ID: a82c0683a1a8d90ff566a2ddfe2e0c24faf7527ade68fc82a24dfa5eda4385ca
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1287c398c378f0487214116e5089259a3233e1755d70d8a8c28944ac1817e34
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 10729D756083458FC314CF29D890A9BBBE6FBC9744F918A1DF88987352D730E949CB92
                                                                                                                                                                                                                                                                                        Function 10051FB0 Relevance: 6.9, Strings: 5, Instructions: 637COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: Classify/Image$ClassifyImageColors$MemoryAllocationFailed$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\quantize.c$`%s'
                                                                                                                                                                                                                                                                                        • API String ID: 0-2490065716
                                                                                                                                                                                                                                                                                        • Opcode ID: 53f81b16faeb84ea4601c61d225b2a6499672b1b3b0ae71efefa3eb416fb8a28
                                                                                                                                                                                                                                                                                        • Instruction ID: 026270fee6f1aac25248c0f26f785515b1c4337092e3646eb6a1e43e335f2c91
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 53f81b16faeb84ea4601c61d225b2a6499672b1b3b0ae71efefa3eb416fb8a28
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7942BFB4A087019FC304CF15C88466ABBE5FFC9794F158A5CF8899B395E730E969CB81
                                                                                                                                                                                                                                                                                        Function 6C5CD344 Relevance: 6.1, APIs: 4, Instructions: 87COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00000000,?), ref: 6C5CD3A8
                                                                                                                                                                                                                                                                                        • __Read_dir.LIBCPMT ref: 6C5CD3FA
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 6C5CD408
                                                                                                                                                                                                                                                                                        • std::tr2::sys::_Strcpy.LIBCPMT ref: 6C5CD418
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Find$CloseFileFirstRead_dirStrcpystd::tr2::sys::_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 77177125-0
                                                                                                                                                                                                                                                                                        • Opcode ID: bf56db4dbecc1a4c7aecb739335ce9fc770fb241abb5dc975bf269731cd35850
                                                                                                                                                                                                                                                                                        • Instruction ID: 143f3ebb1fbf82da6ed6f3e6ec5b7e68bb0ba5943ca3844cb1ad480a0f4de645
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf56db4dbecc1a4c7aecb739335ce9fc770fb241abb5dc975bf269731cd35850
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 52315E31A40218DBCF20DFA4DC88AEEB7B8EF45314F504599E519E7680D7746E84CB62
                                                                                                                                                                                                                                                                                        Function 1000D580 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73fileCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindFirstFileA.KERNEL32 ref: 1000D625
                                                                                                                                                                                                                                                                                        • FindFirstFileA.KERNEL32(?,00000004), ref: 1000D662
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileFindFirst
                                                                                                                                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                                                                                                                                        • API String ID: 1974802433-1173974218
                                                                                                                                                                                                                                                                                        • Opcode ID: b59a6069be8355982b057b0f52f05eec515b2b53ec7ce0ad6031e074e53fd371
                                                                                                                                                                                                                                                                                        • Instruction ID: 132064ebcf37525f97c1860514ec8a0502e1361e97345cae22c35b3056db8156
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b59a6069be8355982b057b0f52f05eec515b2b53ec7ce0ad6031e074e53fd371
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5721A4795002809AE321DB64DC41BDB73E4EB8C792F40492EF6CEC7185E6B5A594CBA2
                                                                                                                                                                                                                                                                                        Function 0589B5FC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24timeCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLocalTime.KERNEL32(?,00000000,00000000,?,0589B81E,00000000,00000000,-000000F6,00000000,?,0589B8E6,Abnormal program termination,0589C0AC,00000000,00000000), ref: 0589B600
                                                                                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 0589B639
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • %02d/%02d/%04d %02d:%02d:%02d.%03d , xrefs: 0589B62F
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: LocalTimewsprintf
                                                                                                                                                                                                                                                                                        • String ID: %02d/%02d/%04d %02d:%02d:%02d.%03d
                                                                                                                                                                                                                                                                                        • API String ID: 1577811021-3388318165
                                                                                                                                                                                                                                                                                        • Opcode ID: 5fe7f41c3adb9b55182c7d1bda17c0a4213bbf2a530dc2740badbf6303cc6432
                                                                                                                                                                                                                                                                                        • Instruction ID: b346612cb2bdec346d9525e9d76a3f594403ec667695c4d85ec8d83845d91c68
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5fe7f41c3adb9b55182c7d1bda17c0a4213bbf2a530dc2740badbf6303cc6432
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83E012A354C721A59654DF8A8C0193FB1ECA98CE12F44490DBAD4C0280F63CC8D8E377
                                                                                                                                                                                                                                                                                        Function 0EE399FC Relevance: 4.6, APIs: 3, Instructions: 100COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • IsValidLocale.KERNEL32(?,00000002,00000000,0EE39B63,?,?,?,00000000), ref: 0EE39AA8
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,00000059,?,00000055,?,00000002,00000000,0EE39B63,?,?,?,00000000), ref: 0EE39AC4
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,0EE39B63,?,?,?,00000000), ref: 0EE39AD5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Locale$Info$Valid
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1826331170-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 53242364c53412dd68939fe83246a00956aef4eb89f5db3addcc71601f18568d
                                                                                                                                                                                                                                                                                        • Instruction ID: d3313fa2fc334bb61df9fc44a30a181e3e91ad9b6a2435aca6286f98dc40bd1f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 53242364c53412dd68939fe83246a00956aef4eb89f5db3addcc71601f18568d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C231D170A0061CAFEB20DB71CC88BEF77B9EB88301F605596A50863244E7B65E40CF11
                                                                                                                                                                                                                                                                                        Function 6C5D0504 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 6C5D05FC
                                                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 6C5D0606
                                                                                                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(3F7FFCD8,?,?,?,?,?,00000000), ref: 6C5D0613
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 9d98903580c40e5e6f63b7c07ba3cc777b4beb5cbeab8978de3ed9de74ecde5f
                                                                                                                                                                                                                                                                                        • Instruction ID: 165f1085d9c1d33b0ffb1b464023912eda7cfda70b68b5178e5b5a7c31b23e33
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9d98903580c40e5e6f63b7c07ba3cc777b4beb5cbeab8978de3ed9de74ecde5f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA3192759112289BCB21DF68DD887DDBBB8AF48314F5042DAE41CA7250E770AF858F89
                                                                                                                                                                                                                                                                                        Function 1022BAFA Relevance: 4.5, APIs: 3, Instructions: 36COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 1022BB00
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 1022BB18
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesA.KERNEL32(1022B7D2,00000001,00000000,?), ref: 1022BB5F
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _strlen$EnumLocalesSystem
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2581538701-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 9cc7560d01b7d3ab943c4bb0e304415c4c695cc5d9672ebffca00dde0197619c
                                                                                                                                                                                                                                                                                        • Instruction ID: 0b9b0fe2c8d395963d200fc0057af09e4e6d6b9b4bbf9154ef53cb8b6d94fe52
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9cc7560d01b7d3ab943c4bb0e304415c4c695cc5d9672ebffca00dde0197619c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 18F06D3297022A8BDB318FB6DD893A037E8E7C739DFA0021AE849961A0C3747591CE50
                                                                                                                                                                                                                                                                                        Function 6C5D0CA3 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,6C5D0CA2,00000008,6C5E1330,?,00000008,?,?), ref: 6C5D0CC5
                                                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,6C5D0CA2,00000008,6C5E1330,?,00000008,?,?), ref: 6C5D0CCC
                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 6C5D0CDE
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 80bf28df962682779e13b49f5fa0642609dcef575dbf60a4604204ec230c6295
                                                                                                                                                                                                                                                                                        • Instruction ID: 52388bf21dc803e0cbad9528fbab7d9663465b5897e284304d3840cfd2d023ad
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80bf28df962682779e13b49f5fa0642609dcef575dbf60a4604204ec230c6295
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A7E04631100748EBCF026F68DC0CA893B38FB91246B124412F80486A21CB36FC92CB9C
                                                                                                                                                                                                                                                                                        Function 10021B20 Relevance: 3.9, Strings: 3, Instructions: 116COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • ..., xrefs: 10021B22
                                                                                                                                                                                                                                                                                        • \Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\utility.c, xrefs: 10021B31
                                                                                                                                                                                                                                                                                        • Base64Encode, xrefs: 10021B2C
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: ...$Base64Encode$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\utility.c
                                                                                                                                                                                                                                                                                        • API String ID: 0-1102168081
                                                                                                                                                                                                                                                                                        • Opcode ID: a1f787e85c8c02254a2f2f710e2f6520cd982da4a3a4f9493e010a57627d5113
                                                                                                                                                                                                                                                                                        • Instruction ID: e238379a4f58b66f0e068216e7e48438f36853153a1abda7a5ac01d1fb9900b0
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1f787e85c8c02254a2f2f710e2f6520cd982da4a3a4f9493e010a57627d5113
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA41292560D3E606D72ADA2944A07A7BFD2EFE7144F5981DDE8C28F387C1A94845C3A1
                                                                                                                                                                                                                                                                                        Function 100184F0 Relevance: 3.7, Strings: 2, Instructions: 1233COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • XMakeImageLSBFirst, xrefs: 1001851C
                                                                                                                                                                                                                                                                                        • \Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\xwindow.c, xrefs: 10018521
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: XMakeImageLSBFirst$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\xwindow.c
                                                                                                                                                                                                                                                                                        • API String ID: 0-2654284985
                                                                                                                                                                                                                                                                                        • Opcode ID: 7f9161ea832561c5825c8814e1012bf97c077300d17bd5d22b36e0a77074b0ab
                                                                                                                                                                                                                                                                                        • Instruction ID: 7541a9637a66537b059ffc52660349527d4ded8e8ecd7c143a9f37b875a2574e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f9161ea832561c5825c8814e1012bf97c077300d17bd5d22b36e0a77074b0ab
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8A2DF746087629FC358CF19C88461AB7F5FF8A704F818A1DF8C58B264D770E999CB52
                                                                                                                                                                                                                                                                                        Function 10019A80 Relevance: 3.7, Strings: 2, Instructions: 1230COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • XMakeImageMSBFirst, xrefs: 10019AAC
                                                                                                                                                                                                                                                                                        • \Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\xwindow.c, xrefs: 10019AB1
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: XMakeImageMSBFirst$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\xwindow.c
                                                                                                                                                                                                                                                                                        • API String ID: 0-4166462741
                                                                                                                                                                                                                                                                                        • Opcode ID: 06ad949a8299780b4de9fa548eac89b4c33c7e36c0e186dafb6a81dd4ee74268
                                                                                                                                                                                                                                                                                        • Instruction ID: 48f5bada9dde3ee47a7c4efc007fb31db4be1221155c1c439d24a54ff8198f1c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 06ad949a8299780b4de9fa548eac89b4c33c7e36c0e186dafb6a81dd4ee74268
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19A2EF706087529FC358CF15D88462ABBF5FF8A740F81891DF8C58B665D730E89ACB92
                                                                                                                                                                                                                                                                                        Function 0EE8B298 Relevance: 3.2, Strings: 2, Instructions: 670COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: EVAL$WPCubed
                                                                                                                                                                                                                                                                                        • API String ID: 0-3350489565
                                                                                                                                                                                                                                                                                        • Opcode ID: cb61e9cd6f6bd5a83bfa7b1935a1f90b99ad7cff05cb406c9f5c7037cc6de053
                                                                                                                                                                                                                                                                                        • Instruction ID: a73eeff68c6baa2184a3220fcc3139176d9ca8a098da781120dd61f9b4b17e34
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb61e9cd6f6bd5a83bfa7b1935a1f90b99ad7cff05cb406c9f5c7037cc6de053
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 36427A71E1021E9BDB20EBB8C994B9EB7F5AF44204F1095B6D50DEB244EB74EE84CB50
                                                                                                                                                                                                                                                                                        Function 0EE8105C Relevance: 3.0, APIs: 2, Instructions: 46windowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,0EE810F8,?,00000000,?,0EE81110,?,0EE8580B,00000000,00000000,?,?,?,0EE86270,?,?), ref: 0EE8107C
                                                                                                                                                                                                                                                                                        • FormatMessageW.KERNEL32(00001000,00000000,00000000,00000400,?,00000100,00000000,00000000,0EE810F8,?,00000000,?,0EE81110,?,0EE8580B,00000000), ref: 0EE810A2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 2538b98c4b5fc95a327ca4411cf46d7d0089c6cfe798ab3dd14d8e6ec758fbb6
                                                                                                                                                                                                                                                                                        • Instruction ID: 624b64d38107414ce3b2c0932790cee4fa4d1e22ffcef8809e3ea58677b4030a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2538b98c4b5fc95a327ca4411cf46d7d0089c6cfe798ab3dd14d8e6ec758fbb6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8501F77160438E9FE721FA718D55BAAB3E8E708704F5054B1EA0CA3281EA706D05DA10
                                                                                                                                                                                                                                                                                        Function 0EE44A84 Relevance: 3.0, APIs: 2, Instructions: 23fileCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(00000000,?,00000000), ref: 0EE44A9F
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000,00000000,?,00000000), ref: 0EE44AAA
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 9d9de26495b5eaaf71c1d8285f2ff6eb47e794a18cbf99c3981809b0cab931f5
                                                                                                                                                                                                                                                                                        • Instruction ID: 6cbff2c8c657137127ff6a33fc77c1c83f22d2c18a8fc2ea10a7f58947486edc
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9d9de26495b5eaaf71c1d8285f2ff6eb47e794a18cbf99c3981809b0cab931f5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4DE08CA260424C12CB10A5B81C8CBAA72CC1B04228F541FA16968D32D2FA348E1480A8
                                                                                                                                                                                                                                                                                        Function 1022BB80 Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 1022BB86
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesA.KERNEL32(1022B9F2,00000001,?,10394E58,10223C7D,?,103BC1FC,?,?,00000000,?), ref: 1022BBBE
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: EnumLocalesSystem_strlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 216762292-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 880ab2dd8217108fbeccda48f13212cac740a3443d62d2b647eddbc15b9d98db
                                                                                                                                                                                                                                                                                        • Instruction ID: 09a44313550e3527e06306537e293d9755a5ef9fc7ef506058f530624298cfa4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 880ab2dd8217108fbeccda48f13212cac740a3443d62d2b647eddbc15b9d98db
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6E09A7293016A8BDB32CFA2EC88B503BE9E38775DF90421BE948894A4C7787490CF10
                                                                                                                                                                                                                                                                                        Function 1022BAC3 Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 1022BAC9
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesA.KERNEL32(1022B6C1,00000001,?,10394E58,10223C7D,?,103BC1FC,?,?,00000000,?), ref: 1022BAE3
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: EnumLocalesSystem_strlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 216762292-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 82fbedb624e5f71ab62538ef51fcee8e6e2c5178335e87c6a9b397c65b136544
                                                                                                                                                                                                                                                                                        • Instruction ID: 09eb849f109b405381e73cfa794620ccaedc78d5b1bb6d12c25b7a14771519b3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 82fbedb624e5f71ab62538ef51fcee8e6e2c5178335e87c6a9b397c65b136544
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24D05E729302294AE7318FB3DC8C7603B98F783B4DF80820ADA84C40B0C7BAB4508F00
                                                                                                                                                                                                                                                                                        Function 05891E64 Relevance: 3.0, Strings: 1, Instructions: 1700COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                        • API String ID: 0-2766056989
                                                                                                                                                                                                                                                                                        • Opcode ID: 88f92c30d64a5336ddd41870fdfc92aea2bceeef25ee6003d5e5804ee92ddf7f
                                                                                                                                                                                                                                                                                        • Instruction ID: 6c404f550e550fe85e4d0b50891b2f465fa7aabf82f5e3a4a4d2525a3cb61eb7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 88f92c30d64a5336ddd41870fdfc92aea2bceeef25ee6003d5e5804ee92ddf7f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AEE22875F046099FDF18CEA8C990AAEB7F2FB89304F288168E856E7745D731AD41CB50
                                                                                                                                                                                                                                                                                        Function 1006ABB0 Relevance: 2.8, Strings: 2, Instructions: 276COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • \Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\statistic.c, xrefs: 1006ABDD
                                                                                                                                                                                                                                                                                        • GetImageChannelDepth, xrefs: 1006ABD8
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: GetImageChannelDepth$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\statistic.c
                                                                                                                                                                                                                                                                                        • API String ID: 0-4228947106
                                                                                                                                                                                                                                                                                        • Opcode ID: 82bda0aed8efd34238d02560dac9afebd52c35c7f42bbd286ae755e917ff7c1c
                                                                                                                                                                                                                                                                                        • Instruction ID: 96d98c4a26b9b329d87d5e8ed0c1781e90a0948e4a517f7c38af7c450859c613
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 82bda0aed8efd34238d02560dac9afebd52c35c7f42bbd286ae755e917ff7c1c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 069158717043528BD308DE2AC880A2AF7E2FFC9654F19893DF888C7651E731DD958B92
                                                                                                                                                                                                                                                                                        Function 058911CF Relevance: 2.5, APIs: 2, Instructions: 29memoryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000009C), ref: 058911F3
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,00000008,0000009C), ref: 058911F9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 83a0dd73ccbe7ec2f1e3123b65ef1b94b060e5f1c65cbe84299cae1c938633dd
                                                                                                                                                                                                                                                                                        • Instruction ID: 240cc0c075162b7b9853c9a83744dc3f4953aadf30f51e4d9a6e0de57680f94f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 83a0dd73ccbe7ec2f1e3123b65ef1b94b060e5f1c65cbe84299cae1c938633dd
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2CE0ED507543027AEE2D72B8EC0DF3A3E5EEB90752F08047ABE02D4091CD555C84C176
                                                                                                                                                                                                                                                                                        Function 1004D380 Relevance: 1.8, Strings: 1, Instructions: 543COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: Rotate/Image
                                                                                                                                                                                                                                                                                        • API String ID: 0-431179658
                                                                                                                                                                                                                                                                                        • Opcode ID: 4291aa26e46fb9832586e799119cf29fd13e89e90f27bc0a1af6a5af828a630b
                                                                                                                                                                                                                                                                                        • Instruction ID: 4a8423ad3bf8e262c8cf4a2becdbc646ca984fae47a346e6586515c8e8c16271
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4291aa26e46fb9832586e799119cf29fd13e89e90f27bc0a1af6a5af828a630b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66026F747047055FD754EF29C881B2BB3EAEF88644F21863EF98AC7241EA70F9058B59
                                                                                                                                                                                                                                                                                        Function 6C5D4DDB Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000000), ref: 6C5D5008
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 9f1e485650c012b8d32de15829d24b41ea53b7c19f357d5169835dc3c84ce629
                                                                                                                                                                                                                                                                                        • Instruction ID: 7dfd4cfb71b98ff7bdc5432ff2b8c952bbcb6763103f109eff737b2247e820b0
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9f1e485650c012b8d32de15829d24b41ea53b7c19f357d5169835dc3c84ce629
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EAB16A712117099FD705CF2CC886B557BE0FF05368F668658E8AACF6A1C335E982CB85
                                                                                                                                                                                                                                                                                        Function 6C618CB0 Relevance: 1.7, Strings: 1, Instructions: 483COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4040411153.000000006C5F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5F0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040383654.000000006C5F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C652000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C662000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C672000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C683000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C696000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041740019.000000006C6A3000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041774942.000000006C6A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5f0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: VUUU
                                                                                                                                                                                                                                                                                        • API String ID: 0-2040033107
                                                                                                                                                                                                                                                                                        • Opcode ID: 87b7a5262c22468fe446309a2a944a8f238a6f5cf552c1871c4eabf9fbaeac13
                                                                                                                                                                                                                                                                                        • Instruction ID: 1217d208e6ece545e728273e2fb4a89371a05b0ac31d74936e5ed69c861f2eff
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 87b7a5262c22468fe446309a2a944a8f238a6f5cf552c1871c4eabf9fbaeac13
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D128C30A08A059FCB14CF2DC4C0AEAB3F5FF4534EF14852DD5AA8BA54E335AA55CB58
                                                                                                                                                                                                                                                                                        Function 6C5D28DF Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: d5d690e611f89fc143d6ec95bd9aa200cb572ad14f81e285533026a08de212d2
                                                                                                                                                                                                                                                                                        • Instruction ID: 3f5d403fdf6b3babf1d071116b42add399a84f9b2021ede1467037d859a22041
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d5d690e611f89fc143d6ec95bd9aa200cb572ad14f81e285533026a08de212d2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 834191B1804319AEDB10DF6DCC98AEABBB9EF85304F1542D9E41993600DA35AE858F14
                                                                                                                                                                                                                                                                                        Function 0F06BC30 Relevance: 1.6, Strings: 1, Instructions: 330COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: SELECTED
                                                                                                                                                                                                                                                                                        • API String ID: 0-1587160010
                                                                                                                                                                                                                                                                                        • Opcode ID: 396133239192e68d4afc392d151974d9c7bfaea4c53bea4f0e551b175d038fcc
                                                                                                                                                                                                                                                                                        • Instruction ID: efc8a7b4a4970538bf351e60997281bfe27093a0717f148410283ada31bdc57f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 396133239192e68d4afc392d151974d9c7bfaea4c53bea4f0e551b175d038fcc
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15C11BF1B042199FDB54EF68C880BAEB7F1AF89300F5589A5E811EB366D634EC45CB50
                                                                                                                                                                                                                                                                                        Function 1000475A Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: 6!
                                                                                                                                                                                                                                                                                        • API String ID: 0-1019654792
                                                                                                                                                                                                                                                                                        • Opcode ID: 56f0dbdc58d9769071d310f51dd7db68e8c06c86beaeca2684876f997c90462b
                                                                                                                                                                                                                                                                                        • Instruction ID: fb9ff7651dd40ead8c26107489bea6894bdc42b1a4692da368cd8c80af879838
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 56f0dbdc58d9769071d310f51dd7db68e8c06c86beaeca2684876f997c90462b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1F0C9759183408BE728CF60D0D59A6F7F0FF86300F41545AD58A8B156DA34A524DA9A
                                                                                                                                                                                                                                                                                        Function 0EE8A25C Relevance: .9, Instructions: 884COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 7a1423cbe52efab681c334093df3f5ed99dc00c0e6149750e8f99461d729cd60
                                                                                                                                                                                                                                                                                        • Instruction ID: bf9146656486ae50dc00e335081dfa78430f5a0b8adb9f0bad7e146cc085375d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a1423cbe52efab681c334093df3f5ed99dc00c0e6149750e8f99461d729cd60
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8526D37F604289BDB08CBACCC826CDB7E1AF84358B1D8278D854E7701D5BCEE169694
                                                                                                                                                                                                                                                                                        Function 102301E9 Relevance: .6, Instructions: 644COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 10d3fcb890e002bd108e8dab8c6027dd9b4a760ea8874fcbfc4ad45690b36f13
                                                                                                                                                                                                                                                                                        • Instruction ID: f16f0a8964963242819d985d4dc5a13a95e1f0703cff7d9b962ff2c5efe81cd1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10d3fcb890e002bd108e8dab8c6027dd9b4a760ea8874fcbfc4ad45690b36f13
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB325572D29F514DD7539634C8B2326A24DEFBB3C6F11D727F81AB99A6EB29C4834100
                                                                                                                                                                                                                                                                                        Function 0EF1EF88 Relevance: .6, Instructions: 641COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: d41783d73637a0a5fcb995b602658d613f6868f6811cd36f74013267a980fd25
                                                                                                                                                                                                                                                                                        • Instruction ID: 7e3fea310aaf0f61ff27a411b6c53b9bdceb579ecbf7b44ac721db5ce880b4d3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d41783d73637a0a5fcb995b602658d613f6868f6811cd36f74013267a980fd25
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF523D72A08355CFDB19CF18C4A475ABBE2BFC8304F548AADD8954B29AC774DC45CB82
                                                                                                                                                                                                                                                                                        Function 6C5FBCE0 Relevance: .5, Instructions: 524COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4040411153.000000006C5F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5F0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040383654.000000006C5F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C652000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C662000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C672000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C683000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C696000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041740019.000000006C6A3000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041774942.000000006C6A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5f0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: e07775097766a6e44a00a6d494db11961012a91bc1b37f5444b8f25ab4bead4d
                                                                                                                                                                                                                                                                                        • Instruction ID: b07a723174721e181229b4c61421b6a578ee59c31cafe8655607677b1b653dbd
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e07775097766a6e44a00a6d494db11961012a91bc1b37f5444b8f25ab4bead4d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CD220932919F804AD7368B3DC8813A6B7E1AFD6328F498B2ED4E563A91E7309449C741
                                                                                                                                                                                                                                                                                        Function 100ECA60 Relevance: .5, Instructions: 496COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 0f82ba7f343eb23117a83bcdb58e6e6de3426782880ced642947a9f5b34c7a95
                                                                                                                                                                                                                                                                                        • Instruction ID: b9f78e90d28c72a79a05209b2849c2ee741287807b2ff38172cdc5c4836de003
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0f82ba7f343eb23117a83bcdb58e6e6de3426782880ced642947a9f5b34c7a95
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99128D74604B458FD328CF2AC4E0A6AB7F1FB84305F50892ED99B87B52C675F845CB91
                                                                                                                                                                                                                                                                                        Function 100292F3 Relevance: .5, Instructions: 491COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 2fde5c6710986d6025a1d7d85d177e578797cf8f9aa09e800ea3e979a4ff7ca7
                                                                                                                                                                                                                                                                                        • Instruction ID: 8e1dcbb84f2fdb95ad81bde9a7154b2cc2fc38ff84416a6c56b70762977b5d8c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2fde5c6710986d6025a1d7d85d177e578797cf8f9aa09e800ea3e979a4ff7ca7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49F15C72A083158FD308CF4ED88401AF7E6AFCC714F4A8A7DD95597352DAB0ED16CA89
                                                                                                                                                                                                                                                                                        Function 100292D4 Relevance: .5, Instructions: 485COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: a9c83308d21109a17377399e8c1f79d45facae4d53bd151c10851fbb27d1afa3
                                                                                                                                                                                                                                                                                        • Instruction ID: 9611240f8080f57d7b81bc52076d0145050152f3f950ccecaf345a590e2a6449
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a9c83308d21109a17377399e8c1f79d45facae4d53bd151c10851fbb27d1afa3
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A5F15F72A083158FD308CF4ED88401AF7E6AFCC714F4A8A7DD95597352DAB0ED16CA89
                                                                                                                                                                                                                                                                                        Function 058939D4 Relevance: .4, Instructions: 446COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 0efe8b47d7835f9ea8f5e56892eedf8e19d13db33edb6f6d213433c62b71b615
                                                                                                                                                                                                                                                                                        • Instruction ID: bf32114d81f66d48ca4bbe01083caa15eeaeb118c9351f20d2ae63d72aacf75e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0efe8b47d7835f9ea8f5e56892eedf8e19d13db33edb6f6d213433c62b71b615
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8026A75B042459FCF18CF68C4D09AE7BB2EF89310B288698DD55DB38ADA30ED41CB91
                                                                                                                                                                                                                                                                                        Function 100EC590 Relevance: .4, Instructions: 363COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: e09058c5f567989d21720b0caaa694ffcd36ba99fc7b9fa3761be04be54a9b6f
                                                                                                                                                                                                                                                                                        • Instruction ID: bc20c17af786d05c5d41e344c860923f5690936f3b2dde7f9188f93968ce9df2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e09058c5f567989d21720b0caaa694ffcd36ba99fc7b9fa3761be04be54a9b6f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13E13775A043558FC348CF0AC1D4D2ABBE1FF98310F6641AED98A5B722C731E946CB91
                                                                                                                                                                                                                                                                                        Function 6C5FC4C0 Relevance: .3, Instructions: 268COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4040411153.000000006C5F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5F0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040383654.000000006C5F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C652000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C662000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C672000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C683000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C696000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041740019.000000006C6A3000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041774942.000000006C6A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5f0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 58ef66d236cea24f71ffbdc103472dffda86af63cf286a2ad69e48b3dc255fca
                                                                                                                                                                                                                                                                                        • Instruction ID: 8f3c28c35c939b5ff9f09072c9e14b33723e2b2a7b256dadf7cd6badc3558dd3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 58ef66d236cea24f71ffbdc103472dffda86af63cf286a2ad69e48b3dc255fca
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2DC1807492AB0196D7168F38C482536F3A1FFE17187A4C75AD8D2B755EFB20E4A2C780
                                                                                                                                                                                                                                                                                        Function 0EF243D4 Relevance: .3, Instructions: 256COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: b004d493b138cd63e1616b998d7ee406bdbe41c3dd826331c5590f6677f62316
                                                                                                                                                                                                                                                                                        • Instruction ID: b5740e4d155ffbf946a03911298bc2cb5c3d5326c3c63fe3429a305c7f60f1ed
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b004d493b138cd63e1616b998d7ee406bdbe41c3dd826331c5590f6677f62316
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E713473F3492157971CCA79CD6126E56E29BC86A075FC63DEC8AEF380D8349C5286C4
                                                                                                                                                                                                                                                                                        Function 0EF22F0C Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 8edbc22c7405612587b3705b247d0bc703d12d156190f4babee4519dbdbef6d2
                                                                                                                                                                                                                                                                                        • Instruction ID: db17d0e08b76c3201dfb0b81a8333ced8ee7a75d2dc70d5fb948ea80829f7c53
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8edbc22c7405612587b3705b247d0bc703d12d156190f4babee4519dbdbef6d2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A61712278D79203E33D8E7D5CF02B7DAD35FCA21862EC57D94DAC3F56E86AA4164108
                                                                                                                                                                                                                                                                                        Function 0F0011AC Relevance: .2, Instructions: 237COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 5eb87f7f8a73b51132b0b05db30423390aee9caa2ae7e496cc257fdbc52bd9fb
                                                                                                                                                                                                                                                                                        • Instruction ID: 9eb2756d26a3012da2e6dce9bdb1e25f6b7fc7bab39ba115dbd6d4757699799d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5eb87f7f8a73b51132b0b05db30423390aee9caa2ae7e496cc257fdbc52bd9fb
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D0A1BFB1A00209DFDB40DFACC881AAEBBF6FF88314F058568E454E7251D334A991CB65
                                                                                                                                                                                                                                                                                        Function 0EF23650 Relevance: .2, Instructions: 224COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 0e6e49d35d80a1aba047eaf28e2fc6ed5741c50bf51b0310806ca86b9cd18c59
                                                                                                                                                                                                                                                                                        • Instruction ID: dba09b91cac36292f1b3644b4528adf0ad11824bb2f958d48badf0ce84181993
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e6e49d35d80a1aba047eaf28e2fc6ed5741c50bf51b0310806ca86b9cd18c59
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3816F73D114374BEB628EA88C443A17392AFCC39EF5B45B0ED05BB64AD638BD5196C0
                                                                                                                                                                                                                                                                                        Function 0EF2339C Relevance: .2, Instructions: 190COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: ba6b1d93cea86660705e83ffb4d52ceb0be6dd627906f4007d75deb068d5bc45
                                                                                                                                                                                                                                                                                        • Instruction ID: a6d975b239c31450a3a56c056382666098e78659f1ddb8ad7c50602ca6bd8ee7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba6b1d93cea86660705e83ffb4d52ceb0be6dd627906f4007d75deb068d5bc45
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E713873E214775BEB608EB8C8443617392EFC961CF5B46B0CE05BB646C634BD5296C0
                                                                                                                                                                                                                                                                                        Function 0EFFBF60 Relevance: .1, Instructions: 108COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 9b79ec59df8569fcc8cb654d7d23664cf4e8d467e520d1d5178fa9171df85fc5
                                                                                                                                                                                                                                                                                        • Instruction ID: 2605e8848067b58d0b7be4c017aa6a557c91ce9e15962e16a694b7e6e81f6609
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b79ec59df8569fcc8cb654d7d23664cf4e8d467e520d1d5178fa9171df85fc5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D5519CB4E11A089F9748DF9FC584989FBF2EFCC220B56C1A59458DB335E731AA81CE44
                                                                                                                                                                                                                                                                                        Function 0EE33704 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                                                                                                                                                                                                                                                                                        • Instruction ID: d9ca5c35b085eece62e9f9345e2df5b5b2dbbbf6d6fdc43b5a6e4acac797e09a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 44317E3213659B4EC7088B3CC8514ADAB93BE937353A843B7C071CB5D7D7B5A26E8290
                                                                                                                                                                                                                                                                                        Function 0EF242E8 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 7072b4551dc181f4287ab42ed0b06930830dc55350251e4be69368ed8af29906
                                                                                                                                                                                                                                                                                        • Instruction ID: 3877d734f24e58843165be085e440335110512eca17a56b180d785ffa5afe58f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7072b4551dc181f4287ab42ed0b06930830dc55350251e4be69368ed8af29906
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A317175A003218FD718CF9CD4D4465F7A0FB8D321B4A86AEDB469B392C279A960CFD0
                                                                                                                                                                                                                                                                                        Function 0EE38CB4 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: d17ffc1b7c175c9f3f133bcf490b3ef334a0cf6f2a578ee1034f9dfeca47056c
                                                                                                                                                                                                                                                                                        • Instruction ID: 8b8bd8de2a657b90a57e3971b80689548100001f06752f14a06935a35b466b20
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d17ffc1b7c175c9f3f133bcf490b3ef334a0cf6f2a578ee1034f9dfeca47056c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B01D632B057110B870CDD3ECD9862AB6C3ABD8910F59C73DA589C76C8CE318C1AC786
                                                                                                                                                                                                                                                                                        Function 05896390 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 5d21e1da7834ba7fb43c8b8c8163ae31caa3990e0d58b423f7c400181b851379
                                                                                                                                                                                                                                                                                        • Instruction ID: 2054c7153ed6c688eefd05295b4fc211c385dbf33797d725fd1ea977fe06f093
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d21e1da7834ba7fb43c8b8c8163ae31caa3990e0d58b423f7c400181b851379
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76012BB2A097018FD70CCF2B9555A567AE3AFC8310F1AC1BE940D8F376DB3085418E59
                                                                                                                                                                                                                                                                                        Function 6C5D24EB Relevance: .0, Instructions: 23COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: cf9b7517444d1eb297bef0442c2f571e37065b6aadf0ac690ec46bc73afe435a
                                                                                                                                                                                                                                                                                        • Instruction ID: 7429c96d899e9a95ddb92955c1d799a53aa2044096ca5c087a530ecc0213cc56
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cf9b7517444d1eb297bef0442c2f571e37065b6aadf0ac690ec46bc73afe435a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14E04632923228EBC715CA8D9D08D9AB3ECEB49E10B12059AB914D3A11E670AE00CBD4
                                                                                                                                                                                                                                                                                        Function 0EE3DCFE Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 7315418399927ce198f3e22e7f1b23cf34b7abda184db206b5adc139b39f8021
                                                                                                                                                                                                                                                                                        • Instruction ID: cb96a167ae26bb07dd031aa7e526795b9868cc80bca9204cdb2d01d35e04171f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7315418399927ce198f3e22e7f1b23cf34b7abda184db206b5adc139b39f8021
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                        Function 0EE3DC66 Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: e237226e43ff2cb443816683d2e1ed9dc41582c9717c1f27b1b4a7b6be04d6a4
                                                                                                                                                                                                                                                                                        • Instruction ID: 1a05254eccd7d48ffe5411ce08af3dd7c3819da853accb52ac38f54c600baf22
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e237226e43ff2cb443816683d2e1ed9dc41582c9717c1f27b1b4a7b6be04d6a4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                        Function 0EE3DDC2 Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: d65ddd72742bac90c9093f081e8df8033a775f6244033a842f6f175839449952
                                                                                                                                                                                                                                                                                        • Instruction ID: b959215ebc21050e0a8218d77fa01a705373398dc025dd59b4003fc23dd3c353
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d65ddd72742bac90c9093f081e8df8033a775f6244033a842f6f175839449952
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                        Function 0EE3DAA6 Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 84e3849d111c43161ee957487358b5271f4aff6f99972ad8c2fb0f94b9e358b0
                                                                                                                                                                                                                                                                                        • Instruction ID: 264e3e3c01053d85ce47d7fa42d6e5cd063a84208416af32195f476d8142087c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 84e3849d111c43161ee957487358b5271f4aff6f99972ad8c2fb0f94b9e358b0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                        Function 0EE3DB16 Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 982424f36a5cea1643360b8dff7f86bf69dbdd2d4b5e959ee12a853d4e42a509
                                                                                                                                                                                                                                                                                        • Instruction ID: 769a5adc9a3215bfced1c06c68bbfd103b222a4115da15fd585880f7847bb168
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 982424f36a5cea1643360b8dff7f86bf69dbdd2d4b5e959ee12a853d4e42a509
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                        Function 0EE3D46E Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 732ca8f5471033b7ddb03a4d3b07319223660e1674fcc8b0f4271a4b1142bcf0
                                                                                                                                                                                                                                                                                        • Instruction ID: ef33c4d534b9312b726b3ec4cea839cff5fbc0c2a9f0270993248e0da547d6a3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 732ca8f5471033b7ddb03a4d3b07319223660e1674fcc8b0f4271a4b1142bcf0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                        Function 0EE3D28A Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 5325cfead68fedc73d5f34c5f12410960a3cb5a58dc5d60fc4c3a7341e710b22
                                                                                                                                                                                                                                                                                        • Instruction ID: 9a3ceb600c73fa3fd23c366217445cf9fa210a76082422a27734eb23e066e9f6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5325cfead68fedc73d5f34c5f12410960a3cb5a58dc5d60fc4c3a7341e710b22
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                        Function 0EE3D25A Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 5b3b76116650275cf824d0fb663135cd3d0c5f42020ba08bd66eee8e10cdddd9
                                                                                                                                                                                                                                                                                        • Instruction ID: 82055b4e3e0566e85420da156b9bcfe851509f843ad68d7802913c12f349f85d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5b3b76116650275cf824d0fb663135cd3d0c5f42020ba08bd66eee8e10cdddd9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                        Function 0EE3D3FE Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: e4a278ec2b727872a9f5378a4997b3f27ba8f5d6023544717af90e1cffe2996f
                                                                                                                                                                                                                                                                                        • Instruction ID: 9e631e6514d37f7b25726d0980670db6342daaa8b2f36b9ce0436a5685e6666e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e4a278ec2b727872a9f5378a4997b3f27ba8f5d6023544717af90e1cffe2996f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                        Function 6C627420 Relevance: 48.3, APIs: 32, Instructions: 267COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • jdiv_round_up.JPEG62(?,00000008,00000000,?,?,6C6272B6,00000000,?,00000000), ref: 6C62743B
                                                                                                                                                                                                                                                                                        • jdiv_round_up.JPEG62(?,00000008,?,00000008,00000000,?,?,6C6272B6,00000000,?,00000000), ref: 6C627448
                                                                                                                                                                                                                                                                                        • jdiv_round_up.JPEG62(?,00000008,00000000,?,?,6C6272B6,00000000,?,00000000), ref: 6C627467
                                                                                                                                                                                                                                                                                        • jdiv_round_up.JPEG62(?,00000008,?,00000008,00000000,?,?,6C6272B6,00000000,?,00000000), ref: 6C627477
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4040411153.000000006C5F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5F0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040383654.000000006C5F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C652000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C662000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C672000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C683000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C696000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041740019.000000006C6A3000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041774942.000000006C6A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5f0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: jdiv_round_up
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1378251937-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 8b57c4b12fde18c51405b832557512cd9463cae327dbdf434cbb6158d88228c9
                                                                                                                                                                                                                                                                                        • Instruction ID: 55b13f420937fddd59468f569a2900b1e034b78d295d79c1d13d80cd426bbf8e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b57c4b12fde18c51405b832557512cd9463cae327dbdf434cbb6158d88228c9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5A13C706007169FE720CFB8C945FDAB7E9BB49348F00592E9199C7B54EB78E1488F88
                                                                                                                                                                                                                                                                                        Function 102268F5 Relevance: 30.1, APIs: 12, Strings: 5, Instructions: 316processCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __lock.LIBCMT ref: 102269AF
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 102269BE
                                                                                                                                                                                                                                                                                        • DuplicateHandle.KERNEL32(?,00000000,?,?,00000000,00000001,00000002), ref: 102269F3
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 10226AC5
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 10226ACF
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 10226ADC
                                                                                                                                                                                                                                                                                          • Part of subcall function 1022646A: GetFileAttributesA.KERNEL32(00000001,10021EDF,?,00000001,?,?,?,?,?,?,?,?,?,?,100221AE), ref: 1022646E
                                                                                                                                                                                                                                                                                          • Part of subcall function 1022646A: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,100221AE,?,?,100013A1,?,00000000), ref: 10226479
                                                                                                                                                                                                                                                                                        • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000001,00000000,00000000,00000000,?,?), ref: 10226B41
                                                                                                                                                                                                                                                                                          • Part of subcall function 10222B79: __lock.LIBCMT ref: 10222B97
                                                                                                                                                                                                                                                                                          • Part of subcall function 10222B79: HeapFree.KERNEL32(00000000,?,1034C248,0000000C,102284C2,00000000,?,?,?,102284EB,?,?,?,10222AE7,00000004,1034C238), ref: 10222BDE
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 10226C58
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _strlen$HandleProcess__lock$AttributesCloseCreateCurrentDuplicateErrorFileFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID: /c $COMSPEC$PATH$cmd.exe$command.com
                                                                                                                                                                                                                                                                                        • API String ID: 3447952892-3191768237
                                                                                                                                                                                                                                                                                        • Opcode ID: 49d5065c05777fa694a1983f2ab1785e43d3a969cbba2d86e21ac1e6875d41e6
                                                                                                                                                                                                                                                                                        • Instruction ID: 925b19afba6112a23438fa6e7fcd83257def132a7d0c281c60694eb6e2ce9a56
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49d5065c05777fa694a1983f2ab1785e43d3a969cbba2d86e21ac1e6875d41e6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29B1B076C00219AFCB24DFE4EC89AADBBB5EF49354FA0406AF554A6250DB316DA1CF10
                                                                                                                                                                                                                                                                                        Function 0EE85ACF Relevance: 25.7, APIs: 17, Instructions: 190windowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 0EE85ADF
                                                                                                                                                                                                                                                                                        • SelectPalette.GDI32(?,00000000,00000000), ref: 0EE85B1F
                                                                                                                                                                                                                                                                                        • RealizePalette.GDI32(?), ref: 0EE85B2B
                                                                                                                                                                                                                                                                                        • FillRect.USER32(?,?,?), ref: 0EE85B7C
                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 0EE85B94
                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,00000000), ref: 0EE85BAF
                                                                                                                                                                                                                                                                                        • SetDIBColorTable.GDI32(?,00000000,00000002,00000000,?,00000000,?,00000000,?,00000000,00000000,0EE85D3F,?,00000000,0EE85D61), ref: 0EE85BF8
                                                                                                                                                                                                                                                                                        • PatBlt.GDI32(?,00000000,00000000,?,?,00FF0062), ref: 0EE85C1A
                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 0EE85C2D
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 0EE85C50
                                                                                                                                                                                                                                                                                        • SelectPalette.GDI32(?,00000000,00000000), ref: 0EE85C6C
                                                                                                                                                                                                                                                                                        • RealizePalette.GDI32(?), ref: 0EE85C77
                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 0EE85C95
                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,00000000), ref: 0EE85CB0
                                                                                                                                                                                                                                                                                        • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0EE85CD8
                                                                                                                                                                                                                                                                                        • SelectPalette.GDI32(?,00000000,000000FF), ref: 0EE85CEA
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 0EE85CF4
                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 0EE85D0F
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE7E910: GetSysColor.USER32(00000028), ref: 0EE7E91A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ColorSelect$Palette$Object$RealizeText$CompatibleCreateDeleteFillRectTable
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3366061311-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 40c6520bdacb806e91a1496deba9128f662bd2e04e637099a02430bfd909c7f0
                                                                                                                                                                                                                                                                                        • Instruction ID: 3fd9fcb07af76a1a10909473f94f41fc643eada20a80d8b8d54b374441ee70e2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40c6520bdacb806e91a1496deba9128f662bd2e04e637099a02430bfd909c7f0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D0719775A1020CAFCB50EFA8CD98F9EB7F8EB08214F115894F918EB661D635ED44CB60
                                                                                                                                                                                                                                                                                        Function 10004290 Relevance: 24.9, APIs: 5, Strings: 9, Instructions: 380COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __time32.LIBCMT ref: 100042D8
                                                                                                                                                                                                                                                                                          • Part of subcall function 102237CE: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,00000000,10009334,00000000,10009467), ref: 102237D7
                                                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,?,?), ref: 1000439A
                                                                                                                                                                                                                                                                                        • __floor_pentium4.LIBCMT ref: 100043BF
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • %04d%02d%02d%02d%02d%02d, xrefs: 1000435B
                                                                                                                                                                                                                                                                                        • %0.3fu, xrefs: 100046B6
                                                                                                                                                                                                                                                                                        • xml, xrefs: 10004327
                                                                                                                                                                                                                                                                                        • 6.2.3, xrefs: 100046DF
                                                                                                                                                                                                                                                                                        • %ld:%02ld, xrefs: 10004650
                                                                                                                                                                                                                                                                                        • <entry> <timestamp>%s</timestamp> <elapsed-time>%ld:%02ld</elapsed-time> <user-time>%0.3f</user-time> <pid>%ld</pid> <module>%s</module> <function>%s</function> <line>%lu</line> <domain>%s</domain> <event>%s</event></entry>, xrefs: 100043E2
                                                                                                                                                                                                                                                                                        • %02d:%02d:%02d, xrefs: 10004689
                                                                                                                                                                                                                                                                                        • %ld, xrefs: 100045F6
                                                                                                                                                                                                                                                                                        • %lu, xrefs: 10004568
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Time$CurrentFileProcessSystem__floor_pentium4__time32
                                                                                                                                                                                                                                                                                        • String ID: %0.3fu$%02d:%02d:%02d$%04d%02d%02d%02d%02d%02d$%ld$%ld:%02ld$%lu$6.2.3$<entry> <timestamp>%s</timestamp> <elapsed-time>%ld:%02ld</elapsed-time> <user-time>%0.3f</user-time> <pid>%ld</pid> <module>%s</module> <function>%s</function> <line>%lu</line> <domain>%s</domain> <event>%s</event></entry>$xml
                                                                                                                                                                                                                                                                                        • API String ID: 1251724125-1994909747
                                                                                                                                                                                                                                                                                        • Opcode ID: 001a4373a4207f554769afaa08f0098314b9e5daa4afa2580548d8c00e4fa8e6
                                                                                                                                                                                                                                                                                        • Instruction ID: f01ef119b89505c3bfe91e98d530db9aaed355ce2a815afe0fe6caa858ec46da
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 001a4373a4207f554769afaa08f0098314b9e5daa4afa2580548d8c00e4fa8e6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89C17CB40086C1ABE321CF149C44BEF77E5EF4A3C1F564458F9C54B24AEF72A90987A6
                                                                                                                                                                                                                                                                                        Function 0589DB4A Relevance: 24.1, Strings: 19, Instructions: 364COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • xx.cpp, xrefs: 0589DCEB
                                                                                                                                                                                                                                                                                        • dttPtr->dttFlags & (DTCVF_PTRVAL|DTCVF_RETVAL), xrefs: 0589DB90
                                                                                                                                                                                                                                                                                        • varType->tpMask & TM_IS_PTR, xrefs: 0589DDF8
                                                                                                                                                                                                                                                                                        • varType->tpMask & TM_IS_ARRAY, xrefs: 0589DDC1
                                                                                                                                                                                                                                                                                        • dttPtr->dttType->tpMask & TM_IS_PTR, xrefs: 0589DBB2
                                                                                                                                                                                                                                                                                        • xx.cpp, xrefs: 0589DDF3
                                                                                                                                                                                                                                                                                        • xx.cpp, xrefs: 0589DC16
                                                                                                                                                                                                                                                                                        • varType->tpClass.tpcFlags & CF_HAS_DTOR, xrefs: 0589DCF0
                                                                                                                                                                                                                                                                                        • IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR), xrefs: 0589DC1B
                                                                                                                                                                                                                                                                                        • xx.cpp, xrefs: 0589DBAD
                                                                                                                                                                                                                                                                                        • xx.cpp, xrefs: 0589DD5F
                                                                                                                                                                                                                                                                                        • xx.cpp, xrefs: 0589DB8B
                                                                                                                                                                                                                                                                                        • xx.cpp, xrefs: 0589DC87
                                                                                                                                                                                                                                                                                        • xx.cpp, xrefs: 0589DBD2
                                                                                                                                                                                                                                                                                        • xx.cpp, xrefs: 0589DDBC
                                                                                                                                                                                                                                                                                        • dtvtPtr->dttType->tpMask & TM_IS_ARRAY, xrefs: 0589DC8C
                                                                                                                                                                                                                                                                                        • elemType->tpClass.tpcFlags & CF_HAS_DTOR, xrefs: 0589DD64
                                                                                                                                                                                                                                                                                        • xx.cpp, xrefs: 0589DE97
                                                                                                                                                                                                                                                                                        • dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR, xrefs: 0589DBD7
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)$dttPtr->dttFlags & (DTCVF_PTRVAL|DTCVF_RETVAL)$dttPtr->dttType->tpMask & TM_IS_PTR$dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR$dtvtPtr->dttType->tpMask & TM_IS_ARRAY$elemType->tpClass.tpcFlags & CF_HAS_DTOR$varType->tpClass.tpcFlags & CF_HAS_DTOR$varType->tpMask & TM_IS_ARRAY$varType->tpMask & TM_IS_PTR$xx.cpp$xx.cpp$xx.cpp$xx.cpp$xx.cpp$xx.cpp$xx.cpp$xx.cpp$xx.cpp$xx.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 0-1832648043
                                                                                                                                                                                                                                                                                        • Opcode ID: 81f49e59ecc58a3271bf913de1dbf923ef8c55808c60b052b36dd91f52b93616
                                                                                                                                                                                                                                                                                        • Instruction ID: 5ec0fffcddbffc333f420797d4f723a4dcef0a834f6147c89a1a734d7ff55cee
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81f49e59ecc58a3271bf913de1dbf923ef8c55808c60b052b36dd91f52b93616
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EFE19E71A052499FDF18CF58C885BAEBBB2BF44314F1C8098ED49AB3A1D3749D41CB85
                                                                                                                                                                                                                                                                                        Function 10229E2C Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 116fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 10229EA5
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 10229ECF
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 10229EE2
                                                                                                                                                                                                                                                                                        • _strncpy.LIBCMT ref: 10229EFC
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 10229F05
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 10229F12
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 10229F75
                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F4,1034CC08,00000000,?,00000000,00000000,00000000,00000000), ref: 10229F80
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000), ref: 10229F87
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _strlen$File$HandleModuleNameWrite_strncpy
                                                                                                                                                                                                                                                                                        • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                                                                                                                                                                        • API String ID: 190417973-4022980321
                                                                                                                                                                                                                                                                                        • Opcode ID: 999e57583f1d32ccf3d78b747f6991ef7a994bc355250e579983f2c4d6689c94
                                                                                                                                                                                                                                                                                        • Instruction ID: 933a8f50aeeb390e2b623452728a24799e2e7461aa3594fa00609ffccd50b42f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 999e57583f1d32ccf3d78b747f6991ef7a994bc355250e579983f2c4d6689c94
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0310436500218ABCB20DFB0EC86DDE73ACEF89380BA04616F556E6151DB74F9A58F50
                                                                                                                                                                                                                                                                                        Function 0F06A6B8 Relevance: 22.8, APIs: 15, Instructions: 321COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: de66c6081c6c4de503cc03b4a85bad62a27cbfb6b87309ed428d09f08df498fd
                                                                                                                                                                                                                                                                                        • Instruction ID: c53c683cb35c90a97d02c76854b2589515009ff856bd69a586d2c54b9365a15c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de66c6081c6c4de503cc03b4a85bad62a27cbfb6b87309ed428d09f08df498fd
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ACC11870E04248EFDB50FBB8C984BDDBBF5AF49300F6555A5E404AB262C738AE40DB51
                                                                                                                                                                                                                                                                                        Function 0589CD9D Relevance: 22.7, Strings: 18, Instructions: 218COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: (dscPtr->xdMask & TM_IS_PTR) == 0$dscPtr->xdArgCopy == 0$dscPtr->xdERRaddr == errPtr$dscPtr->xdHtabAdr == hdtPtr$dscPtr->xdMask & TM_IS_PTR$dscPtr->xdSize == size$dscPtr->xdTypeID == dscPtr->xdBase$hdtPtr->HDcctrAddr$mask & TM_IS_PTR$xx.cpp$xx.cpp$xx.cpp$xx.cpp$xx.cpp$xx.cpp$xx.cpp$xx.cpp$xx.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 0-1713321050
                                                                                                                                                                                                                                                                                        • Opcode ID: 037438c7a393152d24ea6a409a231fc5dd06b84bd4051f7047c961a04a07d313
                                                                                                                                                                                                                                                                                        • Instruction ID: 40acb8fb89cf3aa45302203820e64839820af28ca824b16df78e63f5e631edaa
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 037438c7a393152d24ea6a409a231fc5dd06b84bd4051f7047c961a04a07d313
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3681D172A45304ABEF188F54CC8AFA97FA1BF45304F4C8098EC45EA291F3B69D54DB91
                                                                                                                                                                                                                                                                                        Function 0EF3F164 Relevance: 21.4, APIs: 6, Strings: 6, Instructions: 375COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0F0D0334,00000000,0EF3F631,?,00000000,00000000,00000000,?,0EFDCCF8,?,?,?,?,00000000,00000000,00000000), ref: 0EF3F1C4
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(0F0D0334,0EF3F606,00000000,0EF3F631,?,00000000,00000000,00000000,?,0EFDCCF8,?,?,?,?,00000000,00000000), ref: 0EF3F251
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0F0D0334,00000000,0EF3F631,?,00000000,00000000,00000000,?,0EFDCCF8,?,?,?,?,00000000,00000000,00000000), ref: 0EF3F27B
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Enter$Leave
                                                                                                                                                                                                                                                                                        • String ID: $.pbm$4$tmp${in}${out}
                                                                                                                                                                                                                                                                                        • API String ID: 2801635615-115236059
                                                                                                                                                                                                                                                                                        • Opcode ID: 0b838be2020575af87760d5d908cfc0401b53551b6b44816da74da06558a8702
                                                                                                                                                                                                                                                                                        • Instruction ID: 9daafdf788e03b6d8e9242e3e4c789d210d5bea8193e52a4a12815de7deddedb
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b838be2020575af87760d5d908cfc0401b53551b6b44816da74da06558a8702
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3E11775F002099FDB10DFA8D894AAEB7F6FF89310F6485A5E808A7354DB34AE45CB50
                                                                                                                                                                                                                                                                                        Function 6C5D5436 Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ___free_lconv_mon.LIBCMT ref: 6C5D547A
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D5764: _free.LIBCMT ref: 6C5D5781
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D5764: _free.LIBCMT ref: 6C5D5793
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D5764: _free.LIBCMT ref: 6C5D57A5
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D5764: _free.LIBCMT ref: 6C5D57B7
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D5764: _free.LIBCMT ref: 6C5D57C9
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D5764: _free.LIBCMT ref: 6C5D57DB
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D5764: _free.LIBCMT ref: 6C5D57ED
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D5764: _free.LIBCMT ref: 6C5D57FF
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D5764: _free.LIBCMT ref: 6C5D5811
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D5764: _free.LIBCMT ref: 6C5D5823
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D5764: _free.LIBCMT ref: 6C5D5835
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D5764: _free.LIBCMT ref: 6C5D5847
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D5764: _free.LIBCMT ref: 6C5D5859
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D546F
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D24B1: HeapFree.KERNEL32(00000000,00000000,?,6C5D58F5,?,00000000,?,?,?,6C5D591C,?,00000007,?,?,6C5D55CF,?), ref: 6C5D24C7
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D24B1: GetLastError.KERNEL32(?,?,6C5D58F5,?,00000000,?,?,?,6C5D591C,?,00000007,?,?,6C5D55CF,?,?), ref: 6C5D24D9
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D5491
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D54A6
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D54B1
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D54D3
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D54E6
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D54F4
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D54FF
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D5537
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D553E
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D555B
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D5573
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                        • Opcode ID: ebf2f58f1381c4eefc460187a85e78e77bfe8a6d2ef346e36b6a7207f01bf715
                                                                                                                                                                                                                                                                                        • Instruction ID: bbdf79ea8b26939a1fe93d452c78b1db2452e99abb2ca4f3d18e76df66b6b3c3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ebf2f58f1381c4eefc460187a85e78e77bfe8a6d2ef346e36b6a7207f01bf715
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E317FB1504700DFEB118E7DDC44B9A73E9EF8031AFA28519E859D7A50DB35FC448719
                                                                                                                                                                                                                                                                                        Function 0F0287BC Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 161registrywindowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(0F0286C0), ref: 0F02883A
                                                                                                                                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(0F0286A0,0F0286C0), ref: 0F028846
                                                                                                                                                                                                                                                                                        • GetVersionExW.KERNEL32(00000114,0F0286A0,0F0286C0), ref: 0F028897
                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000017), ref: 0F0288DF
                                                                                                                                                                                                                                                                                        • RegisterWindowMessageW.USER32(WPTOOLS Format,00000114,0F0286A0,0F0286C0), ref: 0F028903
                                                                                                                                                                                                                                                                                        • RegisterWindowMessageW.USER32(HTML Format,WPTOOLS Format,00000114,0F0286A0,0F0286C0), ref: 0F028913
                                                                                                                                                                                                                                                                                        • RegisterWindowMessageW.USER32(Rich Text Format,HTML Format,WPTOOLS Format,00000114,0F0286A0,0F0286C0), ref: 0F028923
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE87CC0: DeleteObject.GDI32(?), ref: 0EE87E06
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageRegisterWindow$CriticalInitializeSection$DeleteMetricsObjectSystemVersion
                                                                                                                                                                                                                                                                                        • String ID: %d $HTML Format$Rich Text Format$WPTOOLS Format
                                                                                                                                                                                                                                                                                        • API String ID: 945461911-3389926205
                                                                                                                                                                                                                                                                                        • Opcode ID: db167aa376cd60ec365343f88d999f9ff75ec502a82fabfb4f470fef8385d5b4
                                                                                                                                                                                                                                                                                        • Instruction ID: 5ba400db72fb06e5e367741ff0c4d7cb410294c44e0e82aae1104a72e1b42fdb
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: db167aa376cd60ec365343f88d999f9ff75ec502a82fabfb4f470fef8385d5b4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C07159706043498BEB55EF38C8C479937E9AF05708F1895BADE0C8F34ADB769948CB61
                                                                                                                                                                                                                                                                                        Function 1022955E Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 98COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,1034C8F8,00000118,10222D39,00000001,00000000,1034C258,00000008,10229F9E,00000000,00000000,00000000), ref: 102295DC
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 10229606
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 1022961B
                                                                                                                                                                                                                                                                                        • _strncpy.LIBCMT ref: 10229635
                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 1022963E
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _strlen$FileModuleName_strncpy
                                                                                                                                                                                                                                                                                        • String ID: ...$<program name unknown>$Buffer overrun detected!$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!
                                                                                                                                                                                                                                                                                        • API String ID: 2455649890-1673886896
                                                                                                                                                                                                                                                                                        • Opcode ID: 90f291942f7b99dbbc6c7353622cb53d83846f22eea560be93b703dc0a117b60
                                                                                                                                                                                                                                                                                        • Instruction ID: 33b7ef3e808885b39b206fbfe14a75ec422c054f5880d61ea7b65f0558aa6d8a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 90f291942f7b99dbbc6c7353622cb53d83846f22eea560be93b703dc0a117b60
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3531AD7690121DABCB11DBE0AC46ECE37E8EF48360FA00546F514EA140DB35EA618FA8
                                                                                                                                                                                                                                                                                        Function 1000D850 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 94COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,?,10008225,?,?,?), ref: 1000D8D4
                                                                                                                                                                                                                                                                                        • FindResourceA.KERNEL32(00000000,?,IMAGEMAGICK), ref: 1000D8E7
                                                                                                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00000000,?,10008225), ref: 1000D8FB
                                                                                                                                                                                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,?,10008225,?), ref: 1000D909
                                                                                                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,?,10008225,?,?,?), ref: 1000D912
                                                                                                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,?,10008225,?,?,?), ref: 1000D91F
                                                                                                                                                                                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,10008225,?), ref: 1000D94E
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • \Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\nt-base.c, xrefs: 1000D87F
                                                                                                                                                                                                                                                                                        • %s%s%s, xrefs: 1000D8A6
                                                                                                                                                                                                                                                                                        • IMAGEMAGICK, xrefs: 1000D8E0
                                                                                                                                                                                                                                                                                        • NTResourceToBlob, xrefs: 1000D87A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Resource$Free$FindHandleLoadLockModuleSizeof
                                                                                                                                                                                                                                                                                        • String ID: %s%s%s$IMAGEMAGICK$NTResourceToBlob$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\nt-base.c
                                                                                                                                                                                                                                                                                        • API String ID: 658619590-2666739123
                                                                                                                                                                                                                                                                                        • Opcode ID: 6cc0252cc16d7599aae958c4d95ff8d8987bbc9c898861a45e91888a1885476f
                                                                                                                                                                                                                                                                                        • Instruction ID: d8d67037d7a8115d322f02055d89baf47bdd2782a4b03150f3e3422a8df66f9c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6cc0252cc16d7599aae958c4d95ff8d8987bbc9c898861a45e91888a1885476f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA21E179400282ABE321E7649C88FEB76DCEF8D3C1F410529F94996206EF71A8008375
                                                                                                                                                                                                                                                                                        Function 0EE3DF34 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 62windowregistryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindWindowW.USER32(MouseZ,Magellan MSWHEEL), ref: 0EE3DF4E
                                                                                                                                                                                                                                                                                        • RegisterWindowMessageW.USER32(MSWHEEL_ROLLMSG,MouseZ,Magellan MSWHEEL), ref: 0EE3DF5A
                                                                                                                                                                                                                                                                                        • RegisterWindowMessageW.USER32(MSH_WHEELSUPPORT_MSG,MSWHEEL_ROLLMSG,MouseZ,Magellan MSWHEEL), ref: 0EE3DF69
                                                                                                                                                                                                                                                                                        • RegisterWindowMessageW.USER32(MSH_SCROLL_LINES_MSG,MSH_WHEELSUPPORT_MSG,MSWHEEL_ROLLMSG,MouseZ,Magellan MSWHEEL), ref: 0EE3DF75
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000000,00000000,00000000), ref: 0EE3DF8D
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000000,00000000), ref: 0EE3DFB1
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Message$Window$Register$Send$Find
                                                                                                                                                                                                                                                                                        • String ID: MSH_SCROLL_LINES_MSG$MSH_WHEELSUPPORT_MSG$MSWHEEL_ROLLMSG$Magellan MSWHEEL$MouseZ
                                                                                                                                                                                                                                                                                        • API String ID: 3569030445-3736581797
                                                                                                                                                                                                                                                                                        • Opcode ID: c6cb7d6177d6844f64f8acd2d1be070abbf94e34937288358117d42d2f95d844
                                                                                                                                                                                                                                                                                        • Instruction ID: 0b69010ddb49f3688e57ebd5b715ea35f4e2106b22461564486528e53ac40eea
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c6cb7d6177d6844f64f8acd2d1be070abbf94e34937288358117d42d2f95d844
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A511517520430AAFE7119F75CCC9B6AB7E8EF85614F706525A8449F390E7709C40CB61
                                                                                                                                                                                                                                                                                        Function 0EE3B212 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 183libraryloaderCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 0EE3B2CF
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?), ref: 0EE3B2DA
                                                                                                                                                                                                                                                                                        • RaiseException.KERNEL32(C0FB007E,00000000,00000001,?), ref: 0EE3B310
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0F0CDC24), ref: 0EE3B322
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,0F0CDC24), ref: 0EE3B33A
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(0F0CDC24,?,0F0CDC24), ref: 0EE3B347
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 0EE3B3B6
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?), ref: 0EE3B3C1
                                                                                                                                                                                                                                                                                        • RaiseException.KERNEL32(C0FB007F,00000000,00000001,?), ref: 0EE3B3F7
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE3B12C: LocalAlloc.KERNEL32(00000040,00000008,?,?,?,0EE3B333,?,0F0CDC24), ref: 0EE3B138
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE3B12C: RaiseException.KERNEL32(C0FB0008,00000000,00000001,?,00000040,00000008,?,?,?,0EE3B333,?,0F0CDC24), ref: 0EE3B14D
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionRaise$CriticalErrorLastLibrarySection$AddressAllocEnterFreeLeaveLoadLocalProc
                                                                                                                                                                                                                                                                                        • String ID: $
                                                                                                                                                                                                                                                                                        • API String ID: 4255670546-3993045852
                                                                                                                                                                                                                                                                                        • Opcode ID: 258490451f512de10351b90d1f5fec1aacf63a97caa88d94dce90bb1989d960a
                                                                                                                                                                                                                                                                                        • Instruction ID: 8c445347726746e6637a2c78274186e4fda486e30f4d4eca1e82b8c5206b9e67
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 258490451f512de10351b90d1f5fec1aacf63a97caa88d94dce90bb1989d960a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2561B07191161AEFDB20DFB5D888BAEB7F4FF88314F209629EA1297250D7B49D40CB50
                                                                                                                                                                                                                                                                                        Function 1000DC30 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 79libraryloaderCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 1000D690: SetErrorMode.KERNEL32(00008001,?,?,?,?,1000DC7E,?,1000AA69), ref: 1000D6BC
                                                                                                                                                                                                                                                                                          • Part of subcall function 1000D690: LoadLibraryExA.KERNEL32(?,00000000,00000008,?,?,?,?,1000DC7E,?,1000AA69), ref: 1000D6D4
                                                                                                                                                                                                                                                                                          • Part of subcall function 1000D690: LoadLibraryExA.KERNEL32(?,00000000,00000008,?,?,?,?,?,?,?,?,?,1000DC7E,?,1000AA69), ref: 1000D740
                                                                                                                                                                                                                                                                                          • Part of subcall function 1000D690: LoadLibraryExA.KERNEL32(?,00000000,00000008,?,?,?,?,?,?,?,?,?,1000DC7E,?,1000AA69), ref: 1000D78D
                                                                                                                                                                                                                                                                                          • Part of subcall function 1000D690: SetErrorMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,1000DC7E,?,1000AA69), ref: 1000D796
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,gsapi_exit), ref: 1000DCB2
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,gsapi_init_with_args), ref: 1000DCC4
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,gsapi_new_instance), ref: 1000DCD7
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,gsapi_run_string), ref: 1000DCEA
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,gsapi_delete_instance), ref: 1000DCFC
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressProc$LibraryLoad$ErrorMode
                                                                                                                                                                                                                                                                                        • String ID: gsapi_delete_instance$gsapi_exit$gsapi_init_with_args$gsapi_new_instance$gsapi_run_string
                                                                                                                                                                                                                                                                                        • API String ID: 1452663667-33355805
                                                                                                                                                                                                                                                                                        • Opcode ID: 79b0d3df769c3a436289d9c03421abab168c09b2fd592d65badfe6193cdf0c0f
                                                                                                                                                                                                                                                                                        • Instruction ID: 11cd088d5266c9dae65e506c88af2003f29ca451c9d85618bc5ce77bd08e74c2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 79b0d3df769c3a436289d9c03421abab168c09b2fd592d65badfe6193cdf0c0f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5214C70620254ABE72ADB65CD81BAA33ECFB88381F05081FF58DC72E5D772A8508B55
                                                                                                                                                                                                                                                                                        Function 0EE39D1C Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 77stringCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0F0CDB5C,00000000,0EE39E21,?,?,00000000,00000000,?,0EE3A634,?,?,?,00000000,00000105,00000000,0EE3A6AF), ref: 0EE39D3A
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(0F0CDB5C,0F0CDB5C,00000000,0EE39E21,?,?,00000000,00000000,?,0EE3A634,?,?,?,00000000,00000105,00000000), ref: 0EE39D5E
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(0F0CDB5C,0F0CDB5C,00000000,0EE39E21,?,?,00000000,00000000,?,0EE3A634,?,?,?,00000000,00000105,00000000), ref: 0EE39D6D
                                                                                                                                                                                                                                                                                        • IsValidLocale.KERNEL32(00000000,00000002,0F0CDB5C,0F0CDB5C,00000000,0EE39E21,?,?,00000000,00000000,?,0EE3A634,?,?,?,00000000), ref: 0EE39D81
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0F0CDB5C,00000000,00000002,0F0CDB5C,0F0CDB5C,00000000,0EE39E21,?,?,00000000,00000000,?,0EE3A634,?,?,?), ref: 0EE39DDE
                                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(en-GB,en,en-US,,00000000,000000AA,0F0CDB5C,00000000,00000002,0F0CDB5C,0F0CDB5C,00000000,0EE39E21,?,?,00000000,00000000,?,0EE3A634), ref: 0EE39DFC
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(0F0CDB5C,en-GB,en,en-US,,00000000,000000AA,0F0CDB5C,00000000,00000002,0F0CDB5C,0F0CDB5C,00000000,0EE39E21,?,?,00000000,00000000), ref: 0EE39E06
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$Enter$LocaleValidlstrcpyn
                                                                                                                                                                                                                                                                                        • String ID: en-GB,en,en-US,
                                                                                                                                                                                                                                                                                        • API String ID: 1058953229-3021119265
                                                                                                                                                                                                                                                                                        • Opcode ID: a617a83858e26c254a8edaae7bb51dcc1445945d7307db11911725aa32d51749
                                                                                                                                                                                                                                                                                        • Instruction ID: a76a2d9de4fa89de64e87324ec57360e50d773b0e6a977f2525a27ea29b2cc46
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a617a83858e26c254a8edaae7bb51dcc1445945d7307db11911725aa32d51749
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6C21C96030121CF6DB11B7B99C1962E72D59FC8A05F717C27E58187156EBE68D00D3B2
                                                                                                                                                                                                                                                                                        Function 0EEA15C8 Relevance: 16.7, APIs: 11, Instructions: 196memoryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(?), ref: 0EEA1607
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 0EEA1610
                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(?), ref: 0EEA1625
                                                                                                                                                                                                                                                                                        • ClosePrinter.WINSPOOL.DRV(?,00000000,0EEA17D4,?,?,00000000,00000000), ref: 0EEA1648
                                                                                                                                                                                                                                                                                        • OpenPrinterW.WINSPOOL.DRV(?,00000024,00000000,?,?,00000000,00000000), ref: 0EEA1733
                                                                                                                                                                                                                                                                                        • DocumentPropertiesW.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,?,?,?,?,00000024,00000000,?,?), ref: 0EEA1752
                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,?,?,?,?,00000024,00000000), ref: 0EEA175A
                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 0EEA1769
                                                                                                                                                                                                                                                                                        • DocumentPropertiesW.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002,00000042,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0EEA1781
                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(?), ref: 0EEA178E
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 0EEA1797
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Global$DocumentFreeLockPropertiesUnlock$AllocCloseOpenPrinterPrinter.
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4137974848-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 2d70dde6de8b7d8c93879d0446d97325c9c1f5022f75ccf9f7c0ea7f5f71fc59
                                                                                                                                                                                                                                                                                        • Instruction ID: 35c996c2152ed58980b4b3c14f3ce0f3e1af0ec240bd3198e603e343b1156db1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d70dde6de8b7d8c93879d0446d97325c9c1f5022f75ccf9f7c0ea7f5f71fc59
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8D713EB5A012089FCB50DF69C884A9EB7F9EF4D310F256569EA08EB345D730ED01CB90
                                                                                                                                                                                                                                                                                        Function 6C5C3590 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 262windowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateDIBSection.GDI32(?,?,00000000,?,00000000,00000000), ref: 6C5C36AA
                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(?), ref: 6C5C3871
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 6C5C3884
                                                                                                                                                                                                                                                                                        • BitBlt.GDI32(?,?,?,00000000,?,00000000,00000000,00000000,00CC0020), ref: 6C5C38A7
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 6C5C38B1
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 6C5C38B9
                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 6C5C38BC
                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 6C5C38C6
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Object$CreateDeleteSelect$CompatibleErrorLastSection
                                                                                                                                                                                                                                                                                        • String ID: (
                                                                                                                                                                                                                                                                                        • API String ID: 3213298441-3887548279
                                                                                                                                                                                                                                                                                        • Opcode ID: 641494793bd9474658c4682a573f88ab34822dd0ad35cbb321d195604736d9a5
                                                                                                                                                                                                                                                                                        • Instruction ID: ba74d7e0defe823fc62e60c48fb681e2d533c7a8f91bc17e87f8a0bd026e4101
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 641494793bd9474658c4682a573f88ab34822dd0ad35cbb321d195604736d9a5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86B154716093058FC704CFA9C880A5ABBF1FFC9314F15896EE8999B311D731E905CB8A
                                                                                                                                                                                                                                                                                        Function 0589D6EF Relevance: 15.2, Strings: 12, Instructions: 224COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: IS_STRUC(blType->tpMask)$IS_STRUC(blType->tpMask)$dtorCnt < varCount$memType$memType->tpClass.tpcFlags & CF_HAS_DTOR$varType->tpClass.tpcFlags & CF_HAS_DTOR$xx.cpp$xx.cpp$xx.cpp$xx.cpp$xx.cpp$xx.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 0-2154959914
                                                                                                                                                                                                                                                                                        • Opcode ID: 2c2dc688ae987346930c730a10027f7eca6db95e908dc68426c4ce8f63573867
                                                                                                                                                                                                                                                                                        • Instruction ID: b35e1c8de68505a2366212e1e9c1ba84fa1361ba5686c93471c75c09271e7faa
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c2dc688ae987346930c730a10027f7eca6db95e908dc68426c4ce8f63573867
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59818F32A01309BBEF159F94CC85FAEBBB2BF48704F088015FD59A6261D3B59D60DB85
                                                                                                                                                                                                                                                                                        Function 0589811A Relevance: 15.2, Strings: 12, Instructions: 197COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • xxtype.cpp, xrefs: 05898209
                                                                                                                                                                                                                                                                                        • xxtype.cpp, xrefs: 058981C1
                                                                                                                                                                                                                                                                                        • xxtype.cpp, xrefs: 058982F4
                                                                                                                                                                                                                                                                                        • tgtTypPtr != 0 && __isSameTypeID(topTypPtr, tgtTypPtr) == 0, xrefs: 0589820E
                                                                                                                                                                                                                                                                                        • tgtTypPtr != 0 && IS_STRUC(tgtTypPtr->tpMask), xrefs: 05898171
                                                                                                                                                                                                                                                                                        • topTypPtr != 0 && IS_STRUC(topTypPtr->tpMask), xrefs: 0589814B
                                                                                                                                                                                                                                                                                        • __isSameTypeID(srcTypPtr, tgtTypPtr) == 0, xrefs: 058981C6
                                                                                                                                                                                                                                                                                        • xxtype.cpp, xrefs: 0589816C
                                                                                                                                                                                                                                                                                        • xxtype.cpp, xrefs: 05898146
                                                                                                                                                                                                                                                                                        • xxtype.cpp, xrefs: 05898192
                                                                                                                                                                                                                                                                                        • srcTypPtr == 0 || IS_STRUC(srcTypPtr->tpMask), xrefs: 05898197
                                                                                                                                                                                                                                                                                        • srcTypPtr, xrefs: 058982F9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: __isSameTypeID(srcTypPtr, tgtTypPtr) == 0$srcTypPtr$srcTypPtr == 0 || IS_STRUC(srcTypPtr->tpMask)$tgtTypPtr != 0 && IS_STRUC(tgtTypPtr->tpMask)$tgtTypPtr != 0 && __isSameTypeID(topTypPtr, tgtTypPtr) == 0$topTypPtr != 0 && IS_STRUC(topTypPtr->tpMask)$xxtype.cpp$xxtype.cpp$xxtype.cpp$xxtype.cpp$xxtype.cpp$xxtype.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 0-2978658922
                                                                                                                                                                                                                                                                                        • Opcode ID: c70065e60ecd8fc55ded5cd37550d667f79418c317f724e8e0860bd33b69b317
                                                                                                                                                                                                                                                                                        • Instruction ID: 9d8d384f9eb4b3f6bf0efb975029badc7fe9ad902691758621c9b498f14aa4c4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c70065e60ecd8fc55ded5cd37550d667f79418c317f724e8e0860bd33b69b317
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04718B71A0420AEBDF29DF54CC45BAEBBA1BF06718F1C8029EC16A6290D375DE50DF91
                                                                                                                                                                                                                                                                                        Function 0EE34940 Relevance: 15.1, APIs: 10, Instructions: 129fileCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0EE349C9
                                                                                                                                                                                                                                                                                        • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0EE349ED
                                                                                                                                                                                                                                                                                        • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0EE34A09
                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000), ref: 0EE34A2A
                                                                                                                                                                                                                                                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 0EE34A53
                                                                                                                                                                                                                                                                                        • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 0EE34A61
                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F5), ref: 0EE34A9C
                                                                                                                                                                                                                                                                                        • GetFileType.KERNEL32(?,000000F5), ref: 0EE34AB2
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,000000F5), ref: 0EE34ACD
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(000000F5), ref: 0EE34AE5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1694776339-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 55af823917f5b6c95fde57e36931117d3eed926acda1664b93487278f76aee34
                                                                                                                                                                                                                                                                                        • Instruction ID: 8fd379dedfa0cf165bc283f232e42306108501e203b53377b4760dc80a3406b1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 55af823917f5b6c95fde57e36931117d3eed926acda1664b93487278f76aee34
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B41807012072AAAE730AF348C2DB6376E5EB45718F34AE1DE2F6865E4F6619C40C749
                                                                                                                                                                                                                                                                                        Function 6C5D1E90 Relevance: 15.1, APIs: 10, Instructions: 70COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D1EA6
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D24B1: HeapFree.KERNEL32(00000000,00000000,?,6C5D58F5,?,00000000,?,?,?,6C5D591C,?,00000007,?,?,6C5D55CF,?), ref: 6C5D24C7
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D24B1: GetLastError.KERNEL32(?,?,6C5D58F5,?,00000000,?,?,?,6C5D591C,?,00000007,?,?,6C5D55CF,?,?), ref: 6C5D24D9
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D1EB2
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D1EBD
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D1EC8
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D1ED3
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D1EDE
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D1EE9
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D1EF4
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D1EFF
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D1F0D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 093fdd6ec651fa2235474f428e70d771c7285f94bcc19d356cce4b8c6d9cacaf
                                                                                                                                                                                                                                                                                        • Instruction ID: 0eb5d7a5a96a6d3f2118044842ffdd6965ccce1143430ee933575b57b08fa3b2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 093fdd6ec651fa2235474f428e70d771c7285f94bcc19d356cce4b8c6d9cacaf
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE21AE76900218EFCB01DF98CC44DDE7BB5AF88355B014195EE19DB620D735EE548B84
                                                                                                                                                                                                                                                                                        Function 6C5C8350 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 258libraryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GlobalHandle.KERNEL32(?), ref: 6C5C8423
                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 6C5C842A
                                                                                                                                                                                                                                                                                        • GlobalHandle.KERNEL32(?), ref: 6C5C8435
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 6C5C843C
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00000010,?), ref: 6C5C8596
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(?,?,?,00000010,?), ref: 6C5C859D
                                                                                                                                                                                                                                                                                        • EnumResourceNamesW.KERNEL32(00000000,PiPL,6C5C39B0,?), ref: 6C5C85C0
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Global$FreeHandleLibrary$EnumLoadNamesResourceUnlock
                                                                                                                                                                                                                                                                                        • String ID: PiPL
                                                                                                                                                                                                                                                                                        • API String ID: 3159198907-1755214078
                                                                                                                                                                                                                                                                                        • Opcode ID: d5805aceb878b2fcfa35bb5b2c8e7418fb0979c552908e458c34c360f5863eac
                                                                                                                                                                                                                                                                                        • Instruction ID: c73b9a1732558304811b47a2af926c3b94187130fbff89af16a4022a06f140de
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d5805aceb878b2fcfa35bb5b2c8e7418fb0979c552908e458c34c360f5863eac
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 17A1A071A00605DFDB00CF98CD80B9AB7B1FF99308F18866EDC159B645D735A944CFA6
                                                                                                                                                                                                                                                                                        Function 05896BD4 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(borlndmm), ref: 05896BF7
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,@Borlndmm@SysGetMem$qqri), ref: 05896C0C
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,@Borlndmm@SysFreeMem$qqrpv), ref: 05896C19
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,@Borlndmm@SysReallocMem$qqrpvi), ref: 05896C26
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                                        • String ID: @Borlndmm@SysFreeMem$qqrpv$@Borlndmm@SysGetMem$qqri$@Borlndmm@SysReallocMem$qqrpvi$borlndmm
                                                                                                                                                                                                                                                                                        • API String ID: 667068680-1352882558
                                                                                                                                                                                                                                                                                        • Opcode ID: f8561308dbeee5b86949edef0289b893f448f5b1ae97eb666396d72753840bfc
                                                                                                                                                                                                                                                                                        • Instruction ID: b94bbf08d9b2dc451a46123d76764b80d5b460e6bfafa24144b05a62e0d3fe30
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f8561308dbeee5b86949edef0289b893f448f5b1ae97eb666396d72753840bfc
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D6017171204316AFEF2C9E268C85B6A779AFF10758F480824FC03D6240F6B58C4086A0
                                                                                                                                                                                                                                                                                        Function 10002640 Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 33sleepCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • InterlockedCompareExchange.KERNEL32(10396230,00000001,00000000), ref: 10002650
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A,1000B2A5,?,?,00000000,?,1000B34B,delegates.xml,00000000,100221F6,?,?,?,?), ref: 10002662
                                                                                                                                                                                                                                                                                        • InterlockedCompareExchange.KERNEL32(10396230,00000001,00000000), ref: 1000266D
                                                                                                                                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,?,?,00000000,?,1000B34B,delegates.xml,00000000,100221F6,?,?,?,?), ref: 10002679
                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(10396230,00000000), ref: 10002696
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExchangeInterlocked$Compare$CriticalDeleteSectionSleep
                                                                                                                                                                                                                                                                                        • String ID: 0MVu$@.Vu$TRST
                                                                                                                                                                                                                                                                                        • API String ID: 584542539-1363881304
                                                                                                                                                                                                                                                                                        • Opcode ID: ac2718b1b05b7e29c42c1cfeaf899640fe16f3acbbf996def8779e3747e25903
                                                                                                                                                                                                                                                                                        • Instruction ID: 6ac6011e49edbf12e31d18e08d24bce52b0eb39ad3e41f53bc935ab540329daa
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac2718b1b05b7e29c42c1cfeaf899640fe16f3acbbf996def8779e3747e25903
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FEF0A73221122577FA209BA49C49FCBB794FF8EB84F050415F940AE0D0D7A1E4428AF6
                                                                                                                                                                                                                                                                                        Function 1001F050 Relevance: 14.0, APIs: 1, Strings: 8, Instructions: 466sleepCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                                                                                                                                        • String ID: NoWindowWithSpecifiedIDExists$UnableToOpenXServer$UnableToReadXWindowAttributes$UnableToReadXWindowImage$XImportImage$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\xwindow.c$`%s'$root
                                                                                                                                                                                                                                                                                        • API String ID: 3472027048-3296118726
                                                                                                                                                                                                                                                                                        • Opcode ID: c60fad2e77b6649edd02bdea4fb52b4dc9c240a86b4cc53d517207f7d0ef9112
                                                                                                                                                                                                                                                                                        • Instruction ID: 950a8ca50fe2cfad19005c13f9f1a280772cb41ea4df6369db1af35a0df2bfdc
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c60fad2e77b6649edd02bdea4fb52b4dc9c240a86b4cc53d517207f7d0ef9112
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3EE1A2B69043016BE314DAA4DC81EBF73FCEB96680F40491DFA449A245E775FA4887A2
                                                                                                                                                                                                                                                                                        Function 0589A418 Relevance: 12.9, Strings: 10, Instructions: 374COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: +$-$0$9$A$F$I$N$N$N
                                                                                                                                                                                                                                                                                        • API String ID: 0-1648577461
                                                                                                                                                                                                                                                                                        • Opcode ID: 04bb1ac860f974c051a416f6fec79c5d73368c20deca4b317b4d7159356badcc
                                                                                                                                                                                                                                                                                        • Instruction ID: fda8ac88190da06413be43bf482e330f7d4480432fdcf104a53e0eecc21aac4a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 04bb1ac860f974c051a416f6fec79c5d73368c20deca4b317b4d7159356badcc
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C1E18DB4E04249ABCF1DCFA8C5886EDBBB2BF48304F28815ADC55E7251D7369E41CB51
                                                                                                                                                                                                                                                                                        Function 0589A8FC Relevance: 12.9, Strings: 10, Instructions: 372COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: +$-$0$9$A$F$I$N$N$N
                                                                                                                                                                                                                                                                                        • API String ID: 0-1648577461
                                                                                                                                                                                                                                                                                        • Opcode ID: 6d6c0eded6c3ccfb1631b0677ad5cb3f8242c4487fa39e11564b708ebd60dd73
                                                                                                                                                                                                                                                                                        • Instruction ID: 3f71b627250f684f0a301e1fe6b3afe605e0d6740d766f1d25276ff10426b575
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d6c0eded6c3ccfb1631b0677ad5cb3f8242c4487fa39e11564b708ebd60dd73
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6E17A70E0424A9BDF1CCFA8C5846EDBBB2BF48304F28815AEC55E7251D7358E81CB96
                                                                                                                                                                                                                                                                                        Function 0589C5EF Relevance: 12.6, Strings: 10, Instructions: 106COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: !"what?"$!"what?"$(ctorMask & 0x0080) == 0$(ctorMask & 0x0100) != 0 || (ctorMask & 0x0020) == 0$what?$what?$xx.cpp$xx.cpp$xx.cpp$xx.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 0-3537565528
                                                                                                                                                                                                                                                                                        • Opcode ID: cab6839ed80491de8d22cae769ef53f300d2805050b7f83675316636c7b11b91
                                                                                                                                                                                                                                                                                        • Instruction ID: c7d9bf43048259fe06e3c5186f6609835548ba4fedbff9245fde48f57d2ea51b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cab6839ed80491de8d22cae769ef53f300d2805050b7f83675316636c7b11b91
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 562104323893C9A7DE2E4A184D0DF6F3765BF87B41F0C2108FE22F0290E6B64C10816A
                                                                                                                                                                                                                                                                                        Function 0589D99F Relevance: 12.6, Strings: 10, Instructions: 99COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: dtrCount <= vdtCount$etdCount <= elemCount || elemCount == 0$varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR$varType->tpMask & TM_IS_ARRAY$vdtCount$xx.cpp$xx.cpp$xx.cpp$xx.cpp$xx.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 0-1117896736
                                                                                                                                                                                                                                                                                        • Opcode ID: e9410fd93f683e7e3dc822381933eb687cefccb163cc2560e4bad562e9f1d484
                                                                                                                                                                                                                                                                                        • Instruction ID: 4a7673fce9373b6db4c38f1e4ae53a7cdea1ab8d5541274bfd9f6b8c4ab0b42e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9410fd93f683e7e3dc822381933eb687cefccb163cc2560e4bad562e9f1d484
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A7310532B44348AFEF05DF44CC86F9977A1BF55710F0C4055FD08AB290E3B06E609AAA
                                                                                                                                                                                                                                                                                        Function 0EE5270C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 139COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0EE527A5
                                                                                                                                                                                                                                                                                        • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0EE527C1
                                                                                                                                                                                                                                                                                        • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0EE527FA
                                                                                                                                                                                                                                                                                        • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0EE52877
                                                                                                                                                                                                                                                                                        • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 0EE52890
                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(?), ref: 0EE528C5
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 351091851-3916222277
                                                                                                                                                                                                                                                                                        • Opcode ID: 8cabe28147bc9e2467b8d9bb42ad8481c7e0d6e0db598c4740158c67081dadf2
                                                                                                                                                                                                                                                                                        • Instruction ID: 361cdc8e51048b4218970ab313c838249fb3fa3eee9b40655462e1dc8f6614a9
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8cabe28147bc9e2467b8d9bb42ad8481c7e0d6e0db598c4740158c67081dadf2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8510F76A1162D9BCB62DB98CC90BD9B3FCAF0C204F0055D5EA49E7311DA30AF818F65
                                                                                                                                                                                                                                                                                        Function 6C5CDF70 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 6C5CDF9B
                                                                                                                                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 6C5CDFA3
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 6C5CE031
                                                                                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 6C5CE05C
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 6C5CE0B1
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                        • String ID: @0\l$csm
                                                                                                                                                                                                                                                                                        • API String ID: 1170836740-1887507148
                                                                                                                                                                                                                                                                                        • Opcode ID: b1260e1f7528849dd265787b26fe0cbea40128eb1d207f5c7c3ed0e8a88976a5
                                                                                                                                                                                                                                                                                        • Instruction ID: c7c8818a8ecf51cd3748440e3f8661ab7dc3cdc2e7fddafc9e4aa1cc3bfcf2f2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b1260e1f7528849dd265787b26fe0cbea40128eb1d207f5c7c3ed0e8a88976a5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68419F34B01208DBCB10DFA8CC44A9EBBB5AF45328F148699E914AB751D771AE05CBD2
                                                                                                                                                                                                                                                                                        Function 0EE3663C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0EE366ED,?,?,?,00000001,0EE367E2,0EE343B7,0EE343FE,?,?), ref: 0EE36675
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0EE366ED,?,?,?,00000001,0EE367E2,0EE343B7,0EE343FE,?), ref: 0EE3667B
                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F5,0EE366C8,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0EE366ED,?,?), ref: 0EE36690
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,000000F5,0EE366C8,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,0EE366ED,?,?), ref: 0EE36696
                                                                                                                                                                                                                                                                                        • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 0EE366B4
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileHandleWrite$Message
                                                                                                                                                                                                                                                                                        • String ID: Error$Runtime error at 00000000
                                                                                                                                                                                                                                                                                        • API String ID: 1570097196-2970929446
                                                                                                                                                                                                                                                                                        • Opcode ID: 907b287165ba59911e94e9b143ffea91f02160c12f5c688fa3686cb52c0a2a42
                                                                                                                                                                                                                                                                                        • Instruction ID: 073625b1eb19bd3b63cab0f98d82d650b06a958022b44ff4df9d6a94fc4611c3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 907b287165ba59911e94e9b143ffea91f02160c12f5c688fa3686cb52c0a2a42
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F7F0F6E065130879E630A3B0AD5FF5D35DC4384F6AF706A04F3509A0E6D7A84984D652
                                                                                                                                                                                                                                                                                        Function 0EE33120 Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,00000000,0EE32D92), ref: 0EE331B6
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0EE32D92), ref: 0EE331D0
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 835fc208989a9b1a0733f972ccdd132abe9378f1680042099c8f2f406eb58aa6
                                                                                                                                                                                                                                                                                        • Instruction ID: 00e88d10931966209b40db0cf89c7baf76477732b4998b048cfca4ae139dedb3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 835fc208989a9b1a0733f972ccdd132abe9378f1680042099c8f2f406eb58aa6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F67113712113449FD721CF38D888B16BBD4AF89325F34D6A9D9948B3A6D774DC40CB91
                                                                                                                                                                                                                                                                                        Function 0EED18B0 Relevance: 12.1, APIs: 8, Instructions: 118windowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000200,0000020E,00000001), ref: 0EED18CC
                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0EED18E4
                                                                                                                                                                                                                                                                                        • IsWindowUnicode.USER32 ref: 0EED18F8
                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0EED191F
                                                                                                                                                                                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0EED1935
                                                                                                                                                                                                                                                                                        • TranslateMessage.USER32 ref: 0EED19C0
                                                                                                                                                                                                                                                                                        • DispatchMessageW.USER32 ref: 0EED19CD
                                                                                                                                                                                                                                                                                        • DispatchMessageA.USER32 ref: 0EED19D5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Message$Peek$Dispatch$TranslateUnicodeWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2190272339-0
                                                                                                                                                                                                                                                                                        • Opcode ID: fc569cfff570b2fcb49678c697a11d9881c910fd929807cc50134fe5c63e36e9
                                                                                                                                                                                                                                                                                        • Instruction ID: 8ee66a5c54ef9460564124f5e515b2209701ad2a51bfd8c89b5d76cf501223bb
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc569cfff570b2fcb49678c697a11d9881c910fd929807cc50134fe5c63e36e9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5831E12036F34C25EA2126799C46BEE66C54F82608F28A959F5C0971C2C7E69D4FC2A6
                                                                                                                                                                                                                                                                                        Function 0EED1664 Relevance: 12.1, APIs: 8, Instructions: 99windowthreadCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCapture.USER32 ref: 0EED168A
                                                                                                                                                                                                                                                                                        • IsWindowUnicode.USER32(00000000), ref: 0EED16CD
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,-0000BBEE,0F22CE10,?), ref: 0EED16E8
                                                                                                                                                                                                                                                                                        • SendMessageA.USER32(00000000,-0000BBEE,0F22CE10,?), ref: 0EED1707
                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 0EED1716
                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000,?), ref: 0EED1727
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,-0000BBEE,0F22CE10,?), ref: 0EED1747
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSendWindow$ProcessThread$CaptureUnicode
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1994056952-0
                                                                                                                                                                                                                                                                                        • Opcode ID: f8964b70b25ac501cde0945e41e80e185d3b925f0eeb38451f24579a25b86a3b
                                                                                                                                                                                                                                                                                        • Instruction ID: 3d77d0576cbddc93cdbd932b26019ab8f33363965b1783698290df13852966c6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f8964b70b25ac501cde0945e41e80e185d3b925f0eeb38451f24579a25b86a3b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA21747521920D9FE760FA69DD80F6B73DCEF05214B146838E96DC3252DB21FC058764
                                                                                                                                                                                                                                                                                        Function 0EE33318 Relevance: 10.9, APIs: 7, Instructions: 407COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: abd3153ccbae5a3895779a0787470658b0ecc8ee3cfc90d7a443ef428fe73438
                                                                                                                                                                                                                                                                                        • Instruction ID: 5bb6dba79d43a7444b7a0efd71f9c7c859d8b37d5e94f925b6ebcab3c1e486fe
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: abd3153ccbae5a3895779a0787470658b0ecc8ee3cfc90d7a443ef428fe73438
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CDC129727106090BE7159A7C9C8C76EB3C59BC8326F789679E2A4CB3A5DB68CC45C380
                                                                                                                                                                                                                                                                                        Function 1023517F Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 230COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ___shr_12
                                                                                                                                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?
                                                                                                                                                                                                                                                                                        • API String ID: 2664560246-4131533671
                                                                                                                                                                                                                                                                                        • Opcode ID: 91b76c3fea53ee1658b58f00463d93457a1238944006b2e93c02cd9fdba3de9f
                                                                                                                                                                                                                                                                                        • Instruction ID: 6a1fa581860a40dea82e410caa6460c640febfa670b536140cd6ace00c7741ca
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 91b76c3fea53ee1658b58f00463d93457a1238944006b2e93c02cd9fdba3de9f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E8123B28042ABCACF01CF64C8817DEBBB4EF0A352F15459AEC49DF181D3B49A55C7A1
                                                                                                                                                                                                                                                                                        Function 100247F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 115memorywindowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32 ref: 10024830
                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 1002484B
                                                                                                                                                                                                                                                                                        • CreateBitmapIndirect.GDI32(?), ref: 1002491C
                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 10024925
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 1002492C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Global$AllocBitmapCreateFreeIndirectLockUnlock
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2807894642-3916222277
                                                                                                                                                                                                                                                                                        • Opcode ID: fe084fa77cf5de58f457ed98e00c7469cda2c4d14c7eb388c92527ab554639a5
                                                                                                                                                                                                                                                                                        • Instruction ID: 3dbeea14cc04216578f703bb6265c043cd89f1971425de2e5b0c598c6a7bd4bf
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe084fa77cf5de58f457ed98e00c7469cda2c4d14c7eb388c92527ab554639a5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7419D71A083569FC754CF299C8486FB7E5FBC8204F85892DF889CB341EA35E945CB62
                                                                                                                                                                                                                                                                                        Function 6C5D3AE1 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                                        • API String ID: 0-537541572
                                                                                                                                                                                                                                                                                        • Opcode ID: f2e2b19fe7f5d200e1e4dcd6d2861f6986248b4c6645a231204e99c1063dbb44
                                                                                                                                                                                                                                                                                        • Instruction ID: fff00981984d4f9fc2c7b37f2f344bfb682bafff826d4cb43657ac34703ed2d4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2e2b19fe7f5d200e1e4dcd6d2861f6986248b4c6645a231204e99c1063dbb44
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F321D872A46724EBEB11CA6D8C84E4A37789B067B4F130A24EC55A7641E730FC0085EC
                                                                                                                                                                                                                                                                                        Function 0F0A2F94 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetClassInfoW.USER32(0EE30000,DAXAParkingWindow), ref: 0F0A2FBE
                                                                                                                                                                                                                                                                                        • RegisterClassW.USER32 ref: 0F0A2FE2
                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000000), ref: 0F0A3006
                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000001), ref: 0F0A3015
                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,0000005C,00000000,0EE30000,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 0F0A3059
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ClassMetricsSystem$InfoRegisterWindow
                                                                                                                                                                                                                                                                                        • String ID: DAXAParkingWindow
                                                                                                                                                                                                                                                                                        • API String ID: 2464315561-2300527401
                                                                                                                                                                                                                                                                                        • Opcode ID: 17aef851ef8cf97b2c3eb28f14588d5a7c08981bacaf7927f72ffd50b6eab972
                                                                                                                                                                                                                                                                                        • Instruction ID: 7e847643e9ff09d44523ba00e6bbbc7a9a16754355339cec2dcca41a758090f7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 17aef851ef8cf97b2c3eb28f14588d5a7c08981bacaf7927f72ffd50b6eab972
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E11C6357403047AE750ABB8DD56F7A33D8B744715F500928F705EB2C1DB63AC209769
                                                                                                                                                                                                                                                                                        Function 6C5D5903 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D58CB: _free.LIBCMT ref: 6C5D58F0
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D5951
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D24B1: HeapFree.KERNEL32(00000000,00000000,?,6C5D58F5,?,00000000,?,?,?,6C5D591C,?,00000007,?,?,6C5D55CF,?), ref: 6C5D24C7
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D24B1: GetLastError.KERNEL32(?,?,6C5D58F5,?,00000000,?,?,?,6C5D591C,?,00000007,?,?,6C5D55CF,?,?), ref: 6C5D24D9
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D595C
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D5967
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D59BB
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D59C6
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D59D1
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D59DC
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 0a4c8129bb2e218c9d22ebd60a745e4693e687749b98b3186d80fe912f801f9a
                                                                                                                                                                                                                                                                                        • Instruction ID: e89da9e9870f5e79c33284ba63c9a35b8376de5feb1f7dab2045db6c7b41ea78
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a4c8129bb2e218c9d22ebd60a745e4693e687749b98b3186d80fe912f801f9a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 641190B1500F04EADB20ABB4CC49FDB779CDF84307FC14818AA9DE7A90D729BC584644
                                                                                                                                                                                                                                                                                        Function 6C64EC8E Relevance: 10.6, APIs: 7, Instructions: 65COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C64EC52: _free.LIBCMT ref: 6C64EC7B
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C64ECDC
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C6455B0: HeapFree.KERNEL32(00000000,00000000,?,6C64EC80,?,00000000,?,00000000,?,6C64ECA7,?,00000007,?,?,6C64D497,?), ref: 6C6455C6
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C6455B0: GetLastError.KERNEL32(?,?,6C64EC80,?,00000000,?,00000000,?,6C64ECA7,?,00000007,?,?,6C64D497,?,?), ref: 6C6455D8
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C64ECE7
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C64ECF2
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C64ED46
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C64ED51
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C64ED5C
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C64ED67
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4040411153.000000006C5F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5F0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040383654.000000006C5F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C652000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C662000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C672000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C683000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C696000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041740019.000000006C6A3000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041774942.000000006C6A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5f0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 4ae645aa2493154a1b86a46a20c91d755dc76003accda753f62ffbaca273640e
                                                                                                                                                                                                                                                                                        • Instruction ID: 254daa435af9bcee25f8f175cf0acde535f7ae8485b60972f4868e9a35d0073b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4ae645aa2493154a1b86a46a20c91d755dc76003accda753f62ffbaca273640e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC118431542B14A6D724EBB0CC05FDBB7ED6F02704F80CC24E2AA66A60DB24B509479C
                                                                                                                                                                                                                                                                                        Function 6C5C33F0 Relevance: 10.5, APIs: 7, Instructions: 49COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Global$LockSize$Read
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2257649865-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 472d8e64bf3ab5a127aeb501c63b293ea16c987947267cface2b4c5cd71c8830
                                                                                                                                                                                                                                                                                        • Instruction ID: fa2902addc01d0f30ca42af13c0bf9681402d81447fe9018192b4d62a11d9b35
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 472d8e64bf3ab5a127aeb501c63b293ea16c987947267cface2b4c5cd71c8830
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74018131300314D7EE125FE59C4CBDB77B9EF026AAB004429FA4CD2440DB2AA404969D
                                                                                                                                                                                                                                                                                        Function 0589B850 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 35libraryloaderCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0589B85C
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 0589B869
                                                                                                                                                                                                                                                                                        • GetVersionExA.KERNEL32 ref: 0589B88E
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressHandleModuleProcVersion
                                                                                                                                                                                                                                                                                        • String ID: Borland32$GetProcAddress$kernel32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 3310240892-88975745
                                                                                                                                                                                                                                                                                        • Opcode ID: d28cdde38fe38095e7278f959a6d6236fd9daf37b354b2a9d77fc5f1c5ebab69
                                                                                                                                                                                                                                                                                        • Instruction ID: b5417430b6361b478db90c95c98341eefd0e065b717988a2614c7f44cf1776fc
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d28cdde38fe38095e7278f959a6d6236fd9daf37b354b2a9d77fc5f1c5ebab69
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6EF04FB150C344B6FF88AF24A8CB7713A89F74434AF080405ED55E5A81EEBF8C848716
                                                                                                                                                                                                                                                                                        Function 6C5D0D28 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 31libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6C5D0CDA,?,?,6C5D0CA2,00000008,6C5E1330,?), ref: 6C5D0D3D
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6C5D0D50
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,6C5D0CDA,?,?,6C5D0CA2,00000008,6C5E1330,?), ref: 6C5D0D73
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                        • String ID: @0\l$CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                        • API String ID: 4061214504-2416004249
                                                                                                                                                                                                                                                                                        • Opcode ID: c35ef111d951a58fb4ab895ea67f8b39bbad836d823f47d3f3ce10958d4ac0e5
                                                                                                                                                                                                                                                                                        • Instruction ID: 152d5a29b74cdad24889125cc845752dc4e89cbf514bfddfc4e40de539603e4e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c35ef111d951a58fb4ab895ea67f8b39bbad836d823f47d3f3ce10958d4ac0e5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 10F08235601318FBDF11AF94CC09B9EBB79EB41756F120092F805A1550CB31AE00DADC
                                                                                                                                                                                                                                                                                        Function 058984A8 Relevance: 10.1, Strings: 8, Instructions: 73COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: tp1$tp1->tpName$tp2$tp2->tpName$xxtype.cpp$xxtype.cpp$xxtype.cpp$xxtype.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 0-742913457
                                                                                                                                                                                                                                                                                        • Opcode ID: f7df2003f1e1f9b62d85e5783850f328fd55c008bc78d51dfb6906ab723a7f53
                                                                                                                                                                                                                                                                                        • Instruction ID: 4a7385348eb0b78e1afe2f6e87fff1407675326208b512ffd87d438d7c70724b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f7df2003f1e1f9b62d85e5783850f328fd55c008bc78d51dfb6906ab723a7f53
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93113A72B44312A6EF39AF548CD5E757396BB02F54F0C8024ED47D9285F2B4DD88CA61
                                                                                                                                                                                                                                                                                        Function 6C5D68B6 Relevance: 9.3, APIs: 6, Instructions: 319fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetConsoleCP.KERNEL32(00000000,00000001,00000000), ref: 6C5D68FE
                                                                                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 6C5D6ADD
                                                                                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 6C5D6AFA
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,6C5D43C9,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5D6B42
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6C5D6B82
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5D6C2E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4031098158-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 06b9dcbbff031768e1d28803ebbf7ac15b5826cb8d70bd569677f4068b9c785f
                                                                                                                                                                                                                                                                                        • Instruction ID: a553c25e5fecccb46b8d2f70d2cc152f3a32aa5056f9f8c32e872bb0a7538e48
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 06b9dcbbff031768e1d28803ebbf7ac15b5826cb8d70bd569677f4068b9c785f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09D19971E013589FCF11CFE8C8809EDBBB5EF49314F2A056AE855EB241DB30A946CB58
                                                                                                                                                                                                                                                                                        Function 0F069AA4 Relevance: 9.2, APIs: 6, Instructions: 240COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetMapMode.GDI32(00000000,00000001), ref: 0F069AF4
                                                                                                                                                                                                                                                                                        • SetTextAlign.GDI32(00000000,00000000), ref: 0F069B03
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(?,00000000,00000048), ref: 0F069B43
                                                                                                                                                                                                                                                                                        • SetMapMode.GDI32(00000000,00000001), ref: 0F069C2B
                                                                                                                                                                                                                                                                                        • SetTextAlign.GDI32(00000000,00000008), ref: 0F069C3A
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(?,00000000,00000048), ref: 0F069C7A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AlignModeText
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2031635203-0
                                                                                                                                                                                                                                                                                        • Opcode ID: ee057f4bbb4cf59e8ef02dba42baabff9a7e1b281bf59c92430fe5de051bd5ad
                                                                                                                                                                                                                                                                                        • Instruction ID: 136f2365ac1009e93420dca718b6cd962bf88fbee59e99551af48654049b73dc
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee057f4bbb4cf59e8ef02dba42baabff9a7e1b281bf59c92430fe5de051bd5ad
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93914A316006089FDB50EF68C884B9E73FABF48314F548965E908DBAA6CB74BC45CB90
                                                                                                                                                                                                                                                                                        Function 0EE71F14 Relevance: 9.1, APIs: 6, Instructions: 119threadCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0EE71F1F
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0EE71F2E
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE71EE0: ResetEvent.KERNEL32(00000480,0EE71F69,?,0F224FE0,00000000), ref: 0EE71EE6
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0F0CFF74,?,0F224FE0,00000000), ref: 0EE71F73
                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(0F0AE064,?), ref: 0EE71F8F
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(0F0CFF74,00000000,0EE720D7,?,0F0AE064,?,00000000,0EE720F6,?,0F0CFF74,?,0F224FE0,00000000), ref: 0EE71FE8
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0F0CFF74,0EE72080,0F0CFF74,00000000,0EE720D7,?,0F0AE064,?,00000000,0EE720F6,?,0F0CFF74,?,0F224FE0,00000000), ref: 0EE72073
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$CurrentEnterThread$EventExchangeInterlockedLeaveReset
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2189153385-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 60584b484c845c2247af6c47263f7fe5eb3aaac342d90d35962b668ff4914f13
                                                                                                                                                                                                                                                                                        • Instruction ID: 07340b32872f40fb0211e1480d4de182b5077d5dd6d88cef1f14ec49d6172d54
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 60584b484c845c2247af6c47263f7fe5eb3aaac342d90d35962b668ff4914f13
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD41EC70A0430DEFD725EFB4C854A6AB7F9EF49704F51A8A4E98087325C7749C40CB61
                                                                                                                                                                                                                                                                                        Function 0F0A308C Relevance: 9.1, APIs: 6, Instructions: 112COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EB), ref: 0F0A30A6
                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EB,00000000), ref: 0F0A30E6
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F0A2F94: GetClassInfoW.USER32(0EE30000,DAXAParkingWindow), ref: 0F0A2FBE
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F0A2F94: RegisterClassW.USER32 ref: 0F0A2FE2
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F0A2F94: GetSystemMetrics.USER32(00000000), ref: 0F0A3006
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F0A2F94: GetSystemMetrics.USER32(00000001), ref: 0F0A3015
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F0A2F94: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,0000005C,00000000,0EE30000,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 0F0A3059
                                                                                                                                                                                                                                                                                        • SetParent.USER32(00000000,00000000), ref: 0F0A30D9
                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EB), ref: 0F0A30FF
                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EB,?), ref: 0F0A313E
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,00000005,00000000,0F0A317E,?,?,000000EB,?,?,000000EB), ref: 0F0A316F
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$Long$ClassMetricsSystem$InfoParentRegisterShow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1059544258-0
                                                                                                                                                                                                                                                                                        • Opcode ID: c79eae28bd90dec3dea4b315aff27cba4c0a0c8743dfaac32583482555323a6e
                                                                                                                                                                                                                                                                                        • Instruction ID: b08681ff08ae86c6f0d0ef6b0e28cda58b104c930789c8fd111ebc7d378ec2ec
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c79eae28bd90dec3dea4b315aff27cba4c0a0c8743dfaac32583482555323a6e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DF318635604608BFDB51DFB5DC55E9EB7E8EB49324F608961F904CB691DA37ED00CA20
                                                                                                                                                                                                                                                                                        Function 1000D690 Relevance: 9.1, APIs: 6, Instructions: 101libraryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00008001,?,?,?,?,1000DC7E,?,1000AA69), ref: 1000D6BC
                                                                                                                                                                                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,?,?,?,1000DC7E,?,1000AA69), ref: 1000D6D4
                                                                                                                                                                                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,?,?,?,?,?,?,?,?,1000DC7E,?,1000AA69), ref: 1000D740
                                                                                                                                                                                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,?,?,?,?,?,?,?,?,1000DC7E,?,1000AA69), ref: 1000D78D
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,1000DC7E,?,1000AA69), ref: 1000D796
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(?,?,?,?,?,1000DC7E,?,1000AA69), ref: 1000D7A5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLibraryLoadMode
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2987862817-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 6940efee6b769e76ece5fc7f7044eb21a8bc524e96d99eb6c51db0246333be98
                                                                                                                                                                                                                                                                                        • Instruction ID: bb0659b13120f47d1b6933f8e0e492af56333901862f139cde072d2c3a83f9a7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6940efee6b769e76ece5fc7f7044eb21a8bc524e96d99eb6c51db0246333be98
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B31D5765543516BE325DB648C81FDB73ECEB8C781F80480AB68497184EFB5F94487A2
                                                                                                                                                                                                                                                                                        Function 0589B70C Relevance: 9.1, APIs: 6, Instructions: 95filewindowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000080,-000000F6,00000000,?,0589B8E6,Abnormal program termination,0589C0AC,00000000,00000000,?,0589B8F7,00000016,0589130C,?), ref: 0589B74B
                                                                                                                                                                                                                                                                                        • MessageBoxA.USER32(00000000,00000000,00000001,00000000), ref: 0589B796
                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F4,-000000F6,00000000,?,0589B8E6,Abnormal program termination,0589C0AC,00000000,00000000,?,0589B8F7,00000016,0589130C,?,?), ref: 0589B7A2
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,058A3ED0,00000002,?,00000000,000000F4,-000000F6,00000000,?,0589B8E6,Abnormal program termination,0589C0AC,00000000,00000000,?,0589B8F7), ref: 0589B7B7
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,058A3ED0,00000002,?,00000000,000000F4,-000000F6,00000000,?,0589B8E6,Abnormal program termination), ref: 0589B7CC
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,058A3ED3,00000002,?,00000000,00000000,00000000,00000000,?,00000000,00000000,058A3ED0,00000002,?,00000000,000000F4), ref: 0589B7DF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$Write$HandleMessageModuleName
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1009477876-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 1ee92f0e7ef93351b8b47fe20086b05c4ae38f07ed93391323b13ad9cd458cce
                                                                                                                                                                                                                                                                                        • Instruction ID: 975442310736a0de70bad5fd84b62d90814b666389b0ea6608ca0165b250351b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ee92f0e7ef93351b8b47fe20086b05c4ae38f07ed93391323b13ad9cd458cce
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F421D971618304BAEF28E694EC8AFBA365CFB04793F184611FE45E50C1DEB49D4487A2
                                                                                                                                                                                                                                                                                        Function 6C5CEED4 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000001,?,6C5CE1E4,6C5CCA81,6C5CC39F,?,6C5CC5BC,?,00000001,?,?,00000001,?,6C5E1090,0000000C,6C5CC6B0), ref: 6C5CEEE2
                                                                                                                                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6C5CEEF0
                                                                                                                                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6C5CEF09
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,6C5CC5BC,?,00000001,?,?,00000001,?,6C5E1090,0000000C,6C5CC6B0,?,00000001,?), ref: 6C5CEF5B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 7a6587a312798dde9b17dd7f57c3b2bddb3b39c4e7f43b573b5309433deec966
                                                                                                                                                                                                                                                                                        • Instruction ID: 749732db33180a22917463b53d2544f078786fa3e697a16e66c5936c945ae1d4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a6587a312798dde9b17dd7f57c3b2bddb3b39c4e7f43b573b5309433deec966
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E701283270D7119EE75045F95C8158726B4EB8A379322032EE120429E1EF916C0543CD
                                                                                                                                                                                                                                                                                        Function 0EE817FC Relevance: 9.1, APIs: 6, Instructions: 56windowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 0EE81815
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0EE8181E
                                                                                                                                                                                                                                                                                        • GetDIBColorTable.GDI32(00000000,00000000,00000100,?,00000000,00000000,00000000,?,?,?,0EE8702F,?,00000000,?,?,0EE86D92), ref: 0EE81832
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0EE8183E
                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 0EE81844
                                                                                                                                                                                                                                                                                        • CreatePalette.GDI32 ref: 0EE8188B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CreateObjectSelect$ColorCompatibleDeletePaletteTable
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2515223848-0
                                                                                                                                                                                                                                                                                        • Opcode ID: c6c7ca4ce98fd0dba1bf85f40df3de2540fd8d5f373f606f6c6a5f7570d8cf91
                                                                                                                                                                                                                                                                                        • Instruction ID: 37b1be9922b3d121a0e56e247178db61b062e859f6f35f7856359e49f1a4a565
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c6c7ca4ce98fd0dba1bf85f40df3de2540fd8d5f373f606f6c6a5f7570d8cf91
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CC01D26160430872D31477398D46BAF73E99FC1654F24ED29B18D97290E678CC05C392
                                                                                                                                                                                                                                                                                        Function 0EE32D9C Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,0EE3363C), ref: 0EE32E53
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A,00000000,?,0EE3363C), ref: 0EE32E69
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,0EE3363C), ref: 0EE32E97
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A,00000000,?,?,?,0EE3363C), ref: 0EE32EAD
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 03a8b03035f59f8a045260e1e20a63836b94bb1d46b1799c2f4656f70dcbe29d
                                                                                                                                                                                                                                                                                        • Instruction ID: a25ba13d0aa5d7928c035b38c0d0f9739c91814af763f913d3bac062e39fcb54
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 03a8b03035f59f8a045260e1e20a63836b94bb1d46b1799c2f4656f70dcbe29d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39C166B26112158FC715CF39E888715FBE0BBC9321F2892AED5988B3A9D7749C50DBD0
                                                                                                                                                                                                                                                                                        Function 0EE9ED54 Relevance: 9.0, APIs: 6, Instructions: 46COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 0EE9ED60
                                                                                                                                                                                                                                                                                        • GetTextMetricsW.GDI32(?,?), ref: 0EE9ED7E
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE7F00C: EnterCriticalSection.KERNEL32(-00000008,00000000,0EE7F20E,?,0F024888,00000001), ref: 0EE7F051
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 0EE9ED93
                                                                                                                                                                                                                                                                                        • GetTextMetricsW.GDI32(?,?), ref: 0EE9EDA2
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 0EE9EDAC
                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,?), ref: 0EE9EDC4
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MetricsObjectSelectText$CriticalEnterReleaseSection
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2458800664-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 7251905c2210c08133c9a9420be7d72b88a943839aac9b2a4c47ee843d6a1f89
                                                                                                                                                                                                                                                                                        • Instruction ID: 91181ed4f855b8280c2db168ef1ec8814bd1e1981f51102ef2161519e1f03818
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7251905c2210c08133c9a9420be7d72b88a943839aac9b2a4c47ee843d6a1f89
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E0196B5A0424CAFDB41EBF8DC85E9EBBFCEB08600F611861F604E7650D674AE50DB64
                                                                                                                                                                                                                                                                                        Function 0EECFA10 Relevance: 9.0, APIs: 6, Instructions: 37threadCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • UnhookWindowsHookEx.USER32(00000000), ref: 0EECFA20
                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(0F0D0254,00000000), ref: 0EECFA33
                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(00000000,0F0D0254,00000000,?,0EED2D7E,0F22CE70,00000000,00000000,0EED1787,?,0F22CE10,?,0F22CE10,0EED198D), ref: 0EECFA47
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0EECFA4C
                                                                                                                                                                                                                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 0EECFA75
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,0F0D0254,00000000,?,0EED2D7E,0F22CE70,00000000,00000000,0EED1787,?,0F22CE10,?,0F22CE10,0EED198D), ref: 0EECFA82
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseCurrentEventExchangeHandleHookInterlockedMultipleObjectsThreadUnhookWaitWindows
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2988543691-0
                                                                                                                                                                                                                                                                                        • Opcode ID: d02e09388593f30f1865731fe11d9c8b0a61b22264b013f0fb90b52964c9182b
                                                                                                                                                                                                                                                                                        • Instruction ID: 6c66d9f8691125868e3be3ead2353d24978d3477a40fa56ef1cf7c04cbc54c6b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d02e09388593f30f1865731fe11d9c8b0a61b22264b013f0fb90b52964c9182b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0DF04F707162099ED710ABB8DC88F7977E8AB80316F143918B458CB188DB789841D715
                                                                                                                                                                                                                                                                                        Function 100047CB Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 167COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                                                        • String ID: %s$</log>$<?xml version="1.0" encoding="UTF-8" standalone="yes"?>$<log>
                                                                                                                                                                                                                                                                                        • API String ID: 3988221542-1235803225
                                                                                                                                                                                                                                                                                        • Opcode ID: 807ad7418243e63cc4fd09b3f3003bb752de595d0bdc6021fc354b86b369f060
                                                                                                                                                                                                                                                                                        • Instruction ID: 27118dcb8710cf5cb2940e55416725b92009b99319134c5eac2de32826e54e4e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 807ad7418243e63cc4fd09b3f3003bb752de595d0bdc6021fc354b86b369f060
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D951B3B990474067E320EBA49C46FAB72E8FFC9380F454A1CF98987246EB35F910C795
                                                                                                                                                                                                                                                                                        Function 1023183A Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 139pipeCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreatePipe.KERNEL32(?,?,0000000C,?,10351F28,00000024,1022695C,?,00000400,00000000,1034C5F0,000000A4,10027286), ref: 10231878
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 10231882
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 10231A13
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 10231A18
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseHandle$CreateErrorLastPipe
                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                        • API String ID: 3219379475-2766056989
                                                                                                                                                                                                                                                                                        • Opcode ID: 99e8c567f3345e65637e187e35c3e3b82d9e60c720649822407a781159b80da7
                                                                                                                                                                                                                                                                                        • Instruction ID: 119af4b01a0d1bb505aa210491d9cbc9d6dc6a0b7557ae61e8cfdc4b4606b5ba
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99e8c567f3345e65637e187e35c3e3b82d9e60c720649822407a781159b80da7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF5123719102198BCB11CFA8CC557AC3BB4EF0A351F65425AE8959F2E2DF34AA30CB10
                                                                                                                                                                                                                                                                                        Function 10225FC5 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __lock.LIBCMT ref: 10225FE0
                                                                                                                                                                                                                                                                                          • Part of subcall function 102284D2: EnterCriticalSection.KERNEL32(?,?,?,10222AE7,00000004,1034C238,0000000C,10222B4B,000000E0,10222B76,?,100011EA,000000C4), ref: 102284FA
                                                                                                                                                                                                                                                                                        • __lock.LIBCMT ref: 10226015
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,1023189B), ref: 10226044
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,1023189B), ref: 10226051
                                                                                                                                                                                                                                                                                          • Part of subcall function 1022843E: LeaveCriticalSection.KERNEL32(?,10222BD3,00000004,10222BC1,1034C248,0000000C,102284C2,00000000,?,?,?,102284EB,?,?,?,10222AE7), ref: 1022844B
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave__lock
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4189913770-3916222277
                                                                                                                                                                                                                                                                                        • Opcode ID: bf42a1d0cf961b686a6fd8c5e126258a0c28cacddc04c09e2ea7aff7d0415276
                                                                                                                                                                                                                                                                                        • Instruction ID: 4af37c6c993abe92a4090f5dbf11442699337148fb9469e17f3a6944231c00b6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf42a1d0cf961b686a6fd8c5e126258a0c28cacddc04c09e2ea7aff7d0415276
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 864103732053428FE320DFE4F989B0673D4FB09324FB5462DF969865C0DBB5A9648A51
                                                                                                                                                                                                                                                                                        Function 0EE87CC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 112windowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 0EE87D7C
                                                                                                                                                                                                                                                                                        • CreateHalftonePalette.GDI32(00000000,00000000,0F07E694,00000000,0F0283CC), ref: 0EE87D89
                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0EE87D98
                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0EE87E06
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CreateDeleteHalftoneObjectPaletteRelease
                                                                                                                                                                                                                                                                                        • String ID: (
                                                                                                                                                                                                                                                                                        • API String ID: 577518360-3887548279
                                                                                                                                                                                                                                                                                        • Opcode ID: b9958fa8fb321d020f42cd750f2a081dbf67b89d23dac96bd01b703db98049de
                                                                                                                                                                                                                                                                                        • Instruction ID: 7ac870d00c9f7c7e0ed01fa93b01d9237ae074e10894917cca80f42a491217dc
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b9958fa8fb321d020f42cd750f2a081dbf67b89d23dac96bd01b703db98049de
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA419A30A0420D9FDB14EBA8C595AEEBBF6AF4A304F2055A6E40CAB390D7745E05DB91
                                                                                                                                                                                                                                                                                        Function 1000CDF0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 96registryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,1000D229), ref: 1000CE3B
                                                                                                                                                                                                                                                                                        • RegEnumKeyA.ADVAPI32(?,00000000,?,00000100), ref: 1000CE60
                                                                                                                                                                                                                                                                                        • RegEnumKeyA.ADVAPI32(?,00000001,?,00000100), ref: 1000CEEA
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,1000D229), ref: 1000CEF6
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Enum$CloseOpen
                                                                                                                                                                                                                                                                                        • String ID: Software\%s
                                                                                                                                                                                                                                                                                        • API String ID: 1701607978-2357236481
                                                                                                                                                                                                                                                                                        • Opcode ID: b311f9bebb8a9a29e7430ab5297fb3216fde4a4e7ba1e82d9b6e9fed138c772c
                                                                                                                                                                                                                                                                                        • Instruction ID: 28cb33327ac559394df989e2d7da813886beb3a2db84771e63e06c2768f8b25b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b311f9bebb8a9a29e7430ab5297fb3216fde4a4e7ba1e82d9b6e9fed138c772c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1931BE3510839A9FE324CF58C890EEBB7E8EF89780F00495DE5C58B146DB70E94ACB52
                                                                                                                                                                                                                                                                                        Function 0EF3EEA8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84processsynchronizationCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000220,00000000,00000000,00000044,?,?,0EF3EFFC,?,0EF3EFEC,00000000,0EF3EFAD), ref: 0EF3EF63
                                                                                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,00000000,00000000,00000000,00000220,00000000,00000000,00000044,?,?,0EF3EFFC,?,0EF3EFEC), ref: 0EF3EF7E
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,0EF3EFB4,00000000,00000000,00000220,00000000,00000000,00000044,?,?,0EF3EFFC,?,0EF3EFEC,00000000,0EF3EFAD), ref: 0EF3EF9E
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,0EF3EFB4,00000000,00000000,00000220,00000000,00000000,00000044,?,?,0EF3EFFC,?,0EF3EFEC,00000000,0EF3EFAD), ref: 0EF3EFA7
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseHandle$CreateObjectProcessSingleWait
                                                                                                                                                                                                                                                                                        • String ID: D
                                                                                                                                                                                                                                                                                        • API String ID: 2059082233-2746444292
                                                                                                                                                                                                                                                                                        • Opcode ID: f0aab23ce6643edc5f46f2c0e5e8196eae927b0ab8c36632bd16a63e65360dfc
                                                                                                                                                                                                                                                                                        • Instruction ID: 620fd0818475bd7dfb3da5fb2cf170d6d93341bf96a6727b01b5f7fc4d70555a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f0aab23ce6643edc5f46f2c0e5e8196eae927b0ab8c36632bd16a63e65360dfc
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA314A70A0434CAADB01EBF4CD55B9EBBF9EF49704F304965B508AB290C6B59E04CB14
                                                                                                                                                                                                                                                                                        Function 6C5D2C7D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • C:\Program Files (x86)\ImBatch\ImBatch.exe, xrefs: 6C5D2C82
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                        • API String ID: 0-1522236891
                                                                                                                                                                                                                                                                                        • Opcode ID: ac88d93fd51c41408802e4dd314898bc071bc5e17c0cc88a2740cb4ca6bc3f90
                                                                                                                                                                                                                                                                                        • Instruction ID: 1f643042b6806500dcf9ec71d8d7e89ee70012553ab8f042c84031b669a697f2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac88d93fd51c41408802e4dd314898bc071bc5e17c0cc88a2740cb4ca6bc3f90
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E21B071604305BF97009F6ECC88D9B77ADAF8136D7064A15F914CBA60E730FC4187A8
                                                                                                                                                                                                                                                                                        Function 6C5D1FD6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,?,6C5D04D9,6C5E1330,00000008,6C5C24BD,00000000,00000000,00000001,?,?,?,?,?,6C5D9348), ref: 6C5D1FDB
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D2038
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D206E
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,6C5D04D9,6C5E1330,00000008,6C5C24BD,00000000,00000000,00000001), ref: 6C5D2079
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast_free
                                                                                                                                                                                                                                                                                        • String ID: X0^l
                                                                                                                                                                                                                                                                                        • API String ID: 2283115069-1806319720
                                                                                                                                                                                                                                                                                        • Opcode ID: 41b9e5b8da1ea2f4fb49a9e9094afba68c474ed71ddd9a3e461ee27926089136
                                                                                                                                                                                                                                                                                        • Instruction ID: 97809ac93fbbc9a19333ad2bc58ed61846ccf6c0d0f5e96424cba9a46e7d6945
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 41b9e5b8da1ea2f4fb49a9e9094afba68c474ed71ddd9a3e461ee27926089136
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7411CA76304701BAD750597D8D89D9B22798BC66BD7230224F6249BAD0EF25BC0D851D
                                                                                                                                                                                                                                                                                        Function 6C5D212D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,6C5D259C,6C5D24A6,?,?,6C5CC32D,?,?,6C5C102B,000006EC), ref: 6C5D2132
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D218F
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D21C5
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,?,6C5D259C,6C5D24A6,?,?,6C5CC32D,?,?,6C5C102B,000006EC), ref: 6C5D21D0
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast_free
                                                                                                                                                                                                                                                                                        • String ID: X0^l
                                                                                                                                                                                                                                                                                        • API String ID: 2283115069-1806319720
                                                                                                                                                                                                                                                                                        • Opcode ID: 14d8fe9b090fe5ce1669142d756c204adc6dc29ae3356114aea20cf1596d4ea3
                                                                                                                                                                                                                                                                                        • Instruction ID: 10512344f2eafa49f4d09bf65d1765a8a072da9d03545399e8bc270724d639e8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 14d8fe9b090fe5ce1669142d756c204adc6dc29ae3356114aea20cf1596d4ea3
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B911E97A304701BADB4159BE8C89D9B22799BC66BD7234224F724CBBD0DB35AC09452C
                                                                                                                                                                                                                                                                                        Function 0F05B8C4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38windowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 0F05B90D
                                                                                                                                                                                                                                                                                        • GdiplusStartup.GDIPLUS(0F110BD4,0F110BB8,0F110BC8,?,0F094BC3,00000000,0F094C0F,?,?,00000000), ref: 0F05B922
                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,Cannot start GDI+ Subsystem,ERROR,00000000), ref: 0F05B959
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CountGdiplusMessageStartupTick
                                                                                                                                                                                                                                                                                        • String ID: Cannot start GDI+ Subsystem$ERROR
                                                                                                                                                                                                                                                                                        • API String ID: 4286302122-3045710871
                                                                                                                                                                                                                                                                                        • Opcode ID: 8dde2438cb2e3521f84d3126cd64520caa71d70a5dc98f3d0c7b39753c79a0a5
                                                                                                                                                                                                                                                                                        • Instruction ID: cb4a4e50365b51c4e47406479b47f11834355f2503ba2fdb22a736ea58d6c247
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8dde2438cb2e3521f84d3126cd64520caa71d70a5dc98f3d0c7b39753c79a0a5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F801D6B06443444BDBF09B38998676679D07748739F108068E80EAA1C2C7F958E0CB6A
                                                                                                                                                                                                                                                                                        Function 100026B6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 28sleepthreadCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 100026C2
                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(10396230,00000000), ref: 100026EB
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,100012A2), ref: 100026F4
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 100026FA
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalCurrentEnterExchangeInterlockedSectionSleepThread
                                                                                                                                                                                                                                                                                        • String ID: @.Vu
                                                                                                                                                                                                                                                                                        • API String ID: 2719747682-1141740458
                                                                                                                                                                                                                                                                                        • Opcode ID: e1a2ad8658cfffb21c90080f1bc512ccddfbbd6aac8da8b15a6bbee83cddffca
                                                                                                                                                                                                                                                                                        • Instruction ID: bfa5d1227ec28b4c54f21a629cf82d9536f7a2213dd4f796684cdf72533e10f8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e1a2ad8658cfffb21c90080f1bc512ccddfbbd6aac8da8b15a6bbee83cddffca
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46F01C311112129FEB309F61DC49B9ABBE0FF98790F11045AF8819A1A1D7B1A882CFA5
                                                                                                                                                                                                                                                                                        Function 10223402 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 13libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(mscoree.dll,10223579,?,?,1022359A,?,00000001,00000000,102296A7,00000003), ref: 10223407
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10223417
                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 1022342B
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressExitHandleModuleProcProcess
                                                                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                        • API String ID: 75539706-1276376045
                                                                                                                                                                                                                                                                                        • Opcode ID: 481b94785b9a8b30b7d7123f53f2a6d67d8f4f1324af8698747c5d7be3f8bbc2
                                                                                                                                                                                                                                                                                        • Instruction ID: 97eb1ccf3be0cdd9a9f3df58f2f0b4318d5241e4b5b4a4ab31cc59ae21d0431d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 481b94785b9a8b30b7d7123f53f2a6d67d8f4f1324af8698747c5d7be3f8bbc2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4D0C7302042156BDF522FE08D4CD6A7AD4FE44641F108854F489E4021CBB1C810E911
                                                                                                                                                                                                                                                                                        Function 05899E2C Relevance: 7.8, Strings: 6, Instructions: 263COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: ($+INF$+NAN$-INF$-NAN$G
                                                                                                                                                                                                                                                                                        • API String ID: 0-2347845670
                                                                                                                                                                                                                                                                                        • Opcode ID: 63e69447b6fcd4248f102f32fd7ed2b153520afbe3a59025feb8bb2e608ff8c2
                                                                                                                                                                                                                                                                                        • Instruction ID: cdf00eeb00f48c16f51351f425497634a04fb494c9928c33e741a50c154e5f56
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 63e69447b6fcd4248f102f32fd7ed2b153520afbe3a59025feb8bb2e608ff8c2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F8813B21908298DFDF2E8E6DC4D47BE7FA2AB56314F0C429DEC9ACB281C5758D45C392
                                                                                                                                                                                                                                                                                        Function 0589A130 Relevance: 7.7, Strings: 6, Instructions: 242COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: ($+INF$+NAN$-INF$-NAN$G
                                                                                                                                                                                                                                                                                        • API String ID: 0-2347845670
                                                                                                                                                                                                                                                                                        • Opcode ID: dc97734276f57a0a37c33625a7e4045f85c4c166a0b826f7293a2104ffaa457e
                                                                                                                                                                                                                                                                                        • Instruction ID: b75c570eb44ac84989e6bffe79eb2a6b7a06f37b8f2f575ebe9a6aacd07edca7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc97734276f57a0a37c33625a7e4045f85c4c166a0b826f7293a2104ffaa457e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF81C06291431996CF2D9F88DC807AAB3B6FF95314F1C4056DC0ADB354E37A8D81C386
                                                                                                                                                                                                                                                                                        Function 6C5D6156 Relevance: 7.7, APIs: 5, Instructions: 200COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 6C5D61DA
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 6C5D62A0
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 6C5D630C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D2463: HeapAlloc.KERNEL32(00000000,?,?,?,6C5CC32D,?,?,6C5C102B,000006EC), ref: 6C5D2495
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 6C5D6315
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 6C5D633A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1096550386-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 3bd58c556f0e2159e20efe22c9952c315bad841cf445c0b399e4bbbdc65cd91c
                                                                                                                                                                                                                                                                                        • Instruction ID: 0c1a9414d334a2146a6b621de86815edf89ee8b3d90c69bbe9716005cc4d86cb
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3bd58c556f0e2159e20efe22c9952c315bad841cf445c0b399e4bbbdc65cd91c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9651D772601316ABEB108E5CCC40EEB36A9DF85754F170929FC15D7A40DF34FC5686A8
                                                                                                                                                                                                                                                                                        Function 0EEA1E8C Relevance: 7.7, APIs: 5, Instructions: 161COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • EnumPrintersW.WINSPOOL.DRV(00000001,00000000,00000005,00000000,00000000,?,?,00000000,0EEA209D,?,00000000,00000000,00000000,?,0EEA1B18,00000001), ref: 0EEA1ED9
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000001,00000000,00000005,00000000,00000000,?,?,00000000,0EEA209D,?,00000000,00000000,00000000,?,0EEA1B18,00000001), ref: 0EEA1EE2
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000001,00000000,00000005,00000000,00000000,?,?,00000000,0EEA209D,?,00000000,00000000,00000000,?,0EEA1B18,00000001), ref: 0EEA1EEC
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE3B018: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 0EE3B05D
                                                                                                                                                                                                                                                                                        • EnumPrintersW.WINSPOOL.DRV(00000001,00000000,00000005,?,?,?,?,00000000,0EEA2052,?,00000001,00000000,00000005,00000000,00000000,?), ref: 0EEA1F47
                                                                                                                                                                                                                                                                                        • GetDefaultPrinterW.WINSPOOL.DRV(?,00000400,00000001,00000000,00000005,?,?,?,?,00000000,0EEA2052,?,00000001,00000000,00000005,00000000), ref: 0EEA1F6E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: EnumErrorLastPrinters$DefaultLoadPrinterString
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3365667171-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 54aa09391f27d666a52746780292f4bd7d594c012216b91287c48bc7d1ed634b
                                                                                                                                                                                                                                                                                        • Instruction ID: b0561514d317d08a7834c0489fb5a6b3f31129eb09ec2479de58d5c1be1c4a0d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 54aa09391f27d666a52746780292f4bd7d594c012216b91287c48bc7d1ed634b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D5511F75A0021D9FDB10EFA4C884B9EB7F9FF48304F2495A6E604EB254DB31AE41CB90
                                                                                                                                                                                                                                                                                        Function 6C5C77C0 Relevance: 7.7, APIs: 6, Instructions: 157COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FreeGlobal
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2979337801-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 93225d4b96c50aef6b17de2044256c3dd491e49758de9e90c5eb36d7532f62d7
                                                                                                                                                                                                                                                                                        • Instruction ID: a81640cf948fd71357cbd7fc811b7aefececb93ba3b10d46d6c65b46e0f2f228
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93225d4b96c50aef6b17de2044256c3dd491e49758de9e90c5eb36d7532f62d7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05718AB0601F01CEE7609F75DC58797BAE8BB0078AF10491CD4AE9B680D7B9B548CF92
                                                                                                                                                                                                                                                                                        Function 10225A5A Relevance: 7.6, APIs: 5, Instructions: 150COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 7abcb60cba2a0bf7a4609b53068e44c7b194de455cf3cd293b326c15630bb8b7
                                                                                                                                                                                                                                                                                        • Instruction ID: eb6c42509467c3e466fa7bebf98b22e5c981ab0dbdf98171e895657abf5ed2d5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7abcb60cba2a0bf7a4609b53068e44c7b194de455cf3cd293b326c15630bb8b7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C441F875D01277ABCF209FE5AC8489F7A68EB457987A1C129F81AA6150D7309C70CE94
                                                                                                                                                                                                                                                                                        Function 0EE69AB0 Relevance: 7.6, APIs: 5, Instructions: 142COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CharNextW.USER32(?,?,00000000,0EE69C52,?,?,00000000,?), ref: 0EE69B10
                                                                                                                                                                                                                                                                                        • CharNextW.USER32(?,?,00000000,0EE69C52,?,?,00000000,?), ref: 0EE69BB8
                                                                                                                                                                                                                                                                                        • CharNextW.USER32(00000000,?,00000000,0EE69C52,?,?,00000000,?), ref: 0EE69BDD
                                                                                                                                                                                                                                                                                        • CharNextW.USER32(00000000,00000000,?,00000000,0EE69C52,?,?,00000000,?), ref: 0EE69BF5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CharNext
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3213498283-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 436be4862cbd0a44712b58684f54f6fdfe464ac12ceb164a9aeda6ee0b38c82f
                                                                                                                                                                                                                                                                                        • Instruction ID: a1fd4b5b75018a3a09bae476903e72914332a36713fd4b1f8eebeee1c5a28083
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 436be4862cbd0a44712b58684f54f6fdfe464ac12ceb164a9aeda6ee0b38c82f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 52516B30A5061C9FCF15EF68C894AA977F1EF86750F8025D0E400DB39AE775AD82CB45
                                                                                                                                                                                                                                                                                        Function 1001E720 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 136sleepCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000032,?,?,?,?,?,?,?,?,?,?,?,?,?,10058EB9,?), ref: 1001E763
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000064,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1001E7FC
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • ..., xrefs: 1001E72F
                                                                                                                                                                                                                                                                                        • XCheckRefreshWindows, xrefs: 1001E739
                                                                                                                                                                                                                                                                                        • \Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\xwindow.c, xrefs: 1001E73E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                                                                                                                                        • String ID: ...$XCheckRefreshWindows$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\xwindow.c
                                                                                                                                                                                                                                                                                        • API String ID: 3472027048-2590426722
                                                                                                                                                                                                                                                                                        • Opcode ID: 43d53dc172b0d0271df8bdf8f9fc7ff597cd53b2e3e370ae0d0d12ecd35d7946
                                                                                                                                                                                                                                                                                        • Instruction ID: f5e38887a0baf1cd4ab2ada62c349c3b80a453b2deb9a1b5897992df50eca0e9
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43d53dc172b0d0271df8bdf8f9fc7ff597cd53b2e3e370ae0d0d12ecd35d7946
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 444193B65043467BF215E750CC42FAF77ACEF96744F004908FA144A182EB35FA0A87A3
                                                                                                                                                                                                                                                                                        Function 05897F70 Relevance: 7.6, Strings: 6, Instructions: 120COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: IS_STRUC(base->tpMask)$IS_STRUC(derv->tpMask)$derv->tpClass.tpcFlags & CF_HAS_BASES$xxtype.cpp$xxtype.cpp$xxtype.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 0-583167796
                                                                                                                                                                                                                                                                                        • Opcode ID: 08bfe794cf50c7d0be02bb0ff3d1b8ba6bad752e804ea835699f6fc1571c470b
                                                                                                                                                                                                                                                                                        • Instruction ID: 977e7939b3cfa5b1bb85a22c694fd3cb49d7af981fa4164a11dd9264ce77b5fe
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08bfe794cf50c7d0be02bb0ff3d1b8ba6bad752e804ea835699f6fc1571c470b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD41B635A0830AAAEF29CE15DC45BBA7791FF43714F0C8055ED06DA281E276DD91CE92
                                                                                                                                                                                                                                                                                        Function 0F02FFD6 Relevance: 7.6, APIs: 5, Instructions: 112sleepCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F028794: EnterCriticalSection.KERNEL32(?,?,?,0F0301B6,00000000,0F08A37C,00000000,0F08A469,?,00000000,0F08A48C,?,?,?,?), ref: 0F02879F
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F028794: LeaveCriticalSection.KERNEL32(?,?,?,?,0F0301B6,00000000,0F08A37C,00000000,0F08A469,?,00000000,0F08A48C,?,?,?,?), ref: 0F0287B2
                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(-00000048,00000001), ref: 0F030005
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A,-00000050,00000000,00000000), ref: 0F03001F
                                                                                                                                                                                                                                                                                        • InterlockedCompareExchange.KERNEL32(-00000050,00000000,00000000), ref: 0F030036
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 0F03009A
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,0F0300E8), ref: 0F0300DB
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterExchangeInterlockedLeave$CompareSleep
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1786549734-0
                                                                                                                                                                                                                                                                                        • Opcode ID: de600baf65385afb452bcff4d623356392404c4d11fd3ce1df5ff57b612227c1
                                                                                                                                                                                                                                                                                        • Instruction ID: 30198ea4307103f3ff2bb8666105b16383043c2bb3a6061308c633051544816e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de600baf65385afb452bcff4d623356392404c4d11fd3ce1df5ff57b612227c1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23418A70A04248EFEB11DB68C989BADB7E9FB45308F6544F0E904AB263C774AD40CB14
                                                                                                                                                                                                                                                                                        Function 05899374 Relevance: 7.6, APIs: 5, Instructions: 107COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetHandleCount.KERNEL32(00000032), ref: 05899380
                                                                                                                                                                                                                                                                                        • GetStartupInfoA.KERNEL32(?), ref: 058993AA
                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 05899463
                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F5,000000F6), ref: 0589946F
                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F4,000000F5,000000F6), ref: 0589947B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Handle$CountInfoStartup
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2024372269-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 304f88b38a59742cdabcead9b0a198845c5c408d24708c0793de2907269da504
                                                                                                                                                                                                                                                                                        • Instruction ID: 4f235e4cea52a55c68d22604eabfeef5b4a610113ea538bcd9561e85e5df3617
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 304f88b38a59742cdabcead9b0a198845c5c408d24708c0793de2907269da504
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D31F3B16143009BEF1DDE18C8C6B69BBA1FB40324F18492CEDD6C2280DB769C84CB12
                                                                                                                                                                                                                                                                                        Function 0589D5AD Relevance: 7.6, Strings: 6, Instructions: 68COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • (errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags, xrefs: 0589D628
                                                                                                                                                                                                                                                                                        • xx.cpp, xrefs: 0589D5D4
                                                                                                                                                                                                                                                                                        • xx.cpp, xrefs: 0589D5F1
                                                                                                                                                                                                                                                                                        • varType->tpClass.tpcDtorAddr, xrefs: 0589D5F6
                                                                                                                                                                                                                                                                                        • xx.cpp, xrefs: 0589D623
                                                                                                                                                                                                                                                                                        • varType->tpClass.tpcFlags & CF_HAS_DTOR, xrefs: 0589D5D9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: (errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags$varType->tpClass.tpcDtorAddr$varType->tpClass.tpcFlags & CF_HAS_DTOR$xx.cpp$xx.cpp$xx.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 0-540063020
                                                                                                                                                                                                                                                                                        • Opcode ID: 2ba75cc01c25afe136b5c643c71ff75560d10c17798ac18494a07c3e9016d59e
                                                                                                                                                                                                                                                                                        • Instruction ID: a14abd8692b2f1aad9d618729970a2f01374beedf661dc9db9a33ba685b83892
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2ba75cc01c25afe136b5c643c71ff75560d10c17798ac18494a07c3e9016d59e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3421F672A01308ABEF05DF45D985EAA77A5FF04714F180214EC08EB352E3F08E458BE6
                                                                                                                                                                                                                                                                                        Function 0EE86FE4 Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 0EE8703A
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0EE8704F
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000E), ref: 0EE87059
                                                                                                                                                                                                                                                                                        • CreateHalftonePalette.GDI32(00000000,00000000,?,00000000,?,?,0EE86D92,?,?,0EE86B1E,?,?,?,00000000,0EF3F7A7), ref: 0EE8707D
                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0EE87088
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE852E8: LeaveCriticalSection.KERNEL32(0EE87DDA,0EE8536B,?,?,?,?,?,?,?,?,?,?,?,?,0EE857D8,00000000), ref: 0EE8535E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CapsDevice$CreateCriticalHalftoneLeavePaletteReleaseSection
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3410390442-0
                                                                                                                                                                                                                                                                                        • Opcode ID: ae10c4efe9d84b632057d69d51dea3cd458210f9d3457b3a0d79a5e507fc685c
                                                                                                                                                                                                                                                                                        • Instruction ID: 022b6cb61ae602455c2f125af6da5e6efd767897dc9a8e6aaf8eb9e19dfb82a4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae10c4efe9d84b632057d69d51dea3cd458210f9d3457b3a0d79a5e507fc685c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C11D32161129D9AEB20FF348A447EE3BD0AF41359F243626F84CDB689D7B58C91C3A1
                                                                                                                                                                                                                                                                                        Function 0F06A60B Relevance: 7.6, APIs: 5, Instructions: 57fileCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(?,0000005A), ref: 0F06A61F
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(?,00000008), ref: 0F06A62F
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(?,0000000A), ref: 0F06A63B
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F069AA4: SetMapMode.GDI32(00000000,00000001), ref: 0F069AF4
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F069AA4: SetTextAlign.GDI32(00000000,00000000), ref: 0F069B03
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F069AA4: MulDiv.KERNEL32(?,00000000,00000048), ref: 0F069B43
                                                                                                                                                                                                                                                                                        • PlayEnhMetaFile.GDI32(00000000,?,?), ref: 0F06A682
                                                                                                                                                                                                                                                                                        • RestoreDC.GDI32(00000000,?), ref: 0F06A6AB
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CapsDevice$AlignFileMetaModePlayRestoreText
                                                                                                                                                                                                                                                                                        • String ID: Page $Printing not allowed!
                                                                                                                                                                                                                                                                                        • API String ID: 558365637-545845978
                                                                                                                                                                                                                                                                                        • Opcode ID: 07e1860d49b90eac1ec51ceb3faa130d9372f6b647d6c76fb4a5e92b1994de02
                                                                                                                                                                                                                                                                                        • Instruction ID: f696ff64553a8c83530b6acab6d1db95ca90d85b8bbd8ccd8a36503f0612702e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07e1860d49b90eac1ec51ceb3faa130d9372f6b647d6c76fb4a5e92b1994de02
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9B119AB1A00209AFDB00FBE8CD45FEE77F8AF45700F655855B504E7291CA78AD00CB25
                                                                                                                                                                                                                                                                                        Function 1000DB30 Relevance: 7.6, APIs: 5, Instructions: 56timeCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetVersionExA.KERNEL32(00000094), ref: 1000DB56
                                                                                                                                                                                                                                                                                        • GetSystemTime.KERNEL32(?), ref: 1000DB68
                                                                                                                                                                                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 1000DB78
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?), ref: 1000DBB5
                                                                                                                                                                                                                                                                                        • GetProcessTimes.KERNEL32(00000000), ref: 1000DBBC
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Time$ProcessSystem$CurrentFileTimesVersion
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1628533653-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 893668b446098dd376b4613b83cdea0cb499a1c27fce241c2e78d064112050ac
                                                                                                                                                                                                                                                                                        • Instruction ID: 2bdaa61419d038a96b8043eec5bcface08ee340850405b2ef95008f58228b117
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 893668b446098dd376b4613b83cdea0cb499a1c27fce241c2e78d064112050ac
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4221F071408344EBD324DB94D898BABB7F8FB88300F418D0EF48A87261DB30E518CB22
                                                                                                                                                                                                                                                                                        Function 0EE81764 Relevance: 7.6, APIs: 5, Instructions: 55windowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 0EE8177C
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(?,00000068), ref: 0EE81798
                                                                                                                                                                                                                                                                                        • GetPaletteEntries.GDI32(19080E80,00000000,00000008,?), ref: 0EE817B0
                                                                                                                                                                                                                                                                                        • GetPaletteEntries.GDI32(19080E80,00000008,00000008,?), ref: 0EE817C8
                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,?), ref: 0EE817E4
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: EntriesPalette$CapsDeviceRelease
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3128150645-0
                                                                                                                                                                                                                                                                                        • Opcode ID: e4b042e85a721ee6b38b93e4708ef432ca1c3efd1025f1100af4e0d976ab9def
                                                                                                                                                                                                                                                                                        • Instruction ID: ab12f840cd049f0e2f52cc8cd3bf676410132baa6d4737aaaaafe73a27b431e4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e4b042e85a721ee6b38b93e4708ef432ca1c3efd1025f1100af4e0d976ab9def
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C11443124830C6EEB00EBB49C85F6D77ECEB46711F608496F14CDB1C0CA769841C320
                                                                                                                                                                                                                                                                                        Function 6C5D5862 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D587A
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D24B1: HeapFree.KERNEL32(00000000,00000000,?,6C5D58F5,?,00000000,?,?,?,6C5D591C,?,00000007,?,?,6C5D55CF,?), ref: 6C5D24C7
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D24B1: GetLastError.KERNEL32(?,?,6C5D58F5,?,00000000,?,?,?,6C5D591C,?,00000007,?,?,6C5D55CF,?,?), ref: 6C5D24D9
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D588C
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D589E
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D58B0
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D58C2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        • Opcode ID: b0390579020b33e5b23ca8dd52280c01916be687e871c470ddb8497ea41576e2
                                                                                                                                                                                                                                                                                        • Instruction ID: b5c6f545a555880a6a2b1992a20601123f402fb4b16369adf81eed727ee618fe
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b0390579020b33e5b23ca8dd52280c01916be687e871c470ddb8497ea41576e2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DEF019F15017249B8B50CE6DECC5C5A73E9EB8526A7F24805E818D7B00C725FC804A9C
                                                                                                                                                                                                                                                                                        Function 6C5C3380 Relevance: 7.5, APIs: 5, Instructions: 40memoryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GlobalSize.KERNEL32(?), ref: 6C5C3393
                                                                                                                                                                                                                                                                                        • GlobalReAlloc.KERNEL32(?,?,00000000), ref: 6C5C33A3
                                                                                                                                                                                                                                                                                        • IsBadReadPtr.KERNEL32(?,00000004), ref: 6C5C33B8
                                                                                                                                                                                                                                                                                        • GlobalSize.KERNEL32(?), ref: 6C5C33C4
                                                                                                                                                                                                                                                                                        • GlobalReAlloc.KERNEL32(?,?,00000000), ref: 6C5C33D5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Global$AllocSize$Read
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2814644994-0
                                                                                                                                                                                                                                                                                        • Opcode ID: d66a974afc6683ffca99bf1dbb81a1b24ef0608f9a4df8664049ea6e8ca4d960
                                                                                                                                                                                                                                                                                        • Instruction ID: d373f302f260fdd9db4e04583e0eff2177c7d655761ec6fd69ae0e4242a8450c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d66a974afc6683ffca99bf1dbb81a1b24ef0608f9a4df8664049ea6e8ca4d960
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6F06D31301218ABEF121FA09C08BCA3B799F02A69F104018FA68E6580DB76D51196A9
                                                                                                                                                                                                                                                                                        Function 102292BD Relevance: 7.5, APIs: 5, Instructions: 37threadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,102242A9,1022847F,?,?,?,102284EB,?,?,?,10222AE7,00000004,1034C238,0000000C,10222B4B), ref: 102292BF
                                                                                                                                                                                                                                                                                        • TlsGetValue.KERNEL32(?,102242A9,1022847F,?,?,?,102284EB,?,?,?,10222AE7,00000004,1034C238,0000000C,10222B4B,000000E0), ref: 102292CD
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,102242A9,1022847F,?,?,?,102284EB,?,?,?,10222AE7,00000004,1034C238,0000000C,10222B4B), ref: 10229323
                                                                                                                                                                                                                                                                                          • Part of subcall function 102296A8: __lock.LIBCMT ref: 102296EC
                                                                                                                                                                                                                                                                                          • Part of subcall function 102296A8: RtlAllocateHeap.NTDLL(00000008,?,1034C908,00000010,102292E5,00000001,00000088,?,102242A9,1022847F,?,?,?,102284EB,?,?), ref: 1022972A
                                                                                                                                                                                                                                                                                        • TlsSetValue.KERNEL32(00000000,?,102242A9,1022847F,?,?,?,102284EB,?,?,?,10222AE7,00000004,1034C238,0000000C,10222B4B), ref: 102292F4
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 1022930C
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLastValue$AllocateCurrentHeapThread__lock
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1487844433-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 79bef2a70fa522882580437c9696298a7015cd4794147805b538a32a62833908
                                                                                                                                                                                                                                                                                        • Instruction ID: f6a4dc5d8cb8896fbb2a4a5c87a72ac376714f3b60d42766316ffeabf36f2d8b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 79bef2a70fa522882580437c9696298a7015cd4794147805b538a32a62833908
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98F0FC317017215FDB305FB4AC4D6463694FB097E2B914614F886DA2F1DBA18C509F90
                                                                                                                                                                                                                                                                                        Function 6C5C3460 Relevance: 7.5, APIs: 5, Instructions: 31COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GlobalSize.KERNEL32(?), ref: 6C5C3473
                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(?), ref: 6C5C347E
                                                                                                                                                                                                                                                                                        • IsBadReadPtr.KERNEL32(?,00000004), ref: 6C5C348A
                                                                                                                                                                                                                                                                                        • GlobalSize.KERNEL32(?), ref: 6C5C3496
                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(?), ref: 6C5C34A2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Global$SizeUnlock$Read
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1060554908-0
                                                                                                                                                                                                                                                                                        • Opcode ID: a7dc8bb1bca12e5ffef319b7e68cb0de2755c374bf75f596bafb1df3f0be009c
                                                                                                                                                                                                                                                                                        • Instruction ID: b907f5dd57c76305653fc0ffd8e564094b2d959883a9fede293b66d39e2b8e76
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a7dc8bb1bca12e5ffef319b7e68cb0de2755c374bf75f596bafb1df3f0be009c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83E06530341214EBDF023FA1DC0C6DB7B7DDF426AB7054018F549D2400DB2A940586BE
                                                                                                                                                                                                                                                                                        Function 6C5C34B0 Relevance: 7.5, APIs: 5, Instructions: 31COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Global$FreeSize$Read
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3624235021-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 3b26ac43a392350c4ce1f8b9c9f5b980f7579ea120207545e3f055d0e2ac64de
                                                                                                                                                                                                                                                                                        • Instruction ID: dc37c444f71695c35eefdc299c96183f3e19e5cbda5381d5fd3221fb1cdd7851
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3b26ac43a392350c4ce1f8b9c9f5b980f7579ea120207545e3f055d0e2ac64de
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66E06534341219E7DF022FA1DC0C6DB3B7DEF4669A7098018FA49D2400DF2A940486AE
                                                                                                                                                                                                                                                                                        Function 1004DBC0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 316COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • XShear/Image, xrefs: 1004DF69
                                                                                                                                                                                                                                                                                        • XShearImage, xrefs: 1004DBEA
                                                                                                                                                                                                                                                                                        • \Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\shear.c, xrefs: 1004DBEF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                        • String ID: XShear/Image$XShearImage$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\shear.c
                                                                                                                                                                                                                                                                                        • API String ID: 4168288129-2522404637
                                                                                                                                                                                                                                                                                        • Opcode ID: 6d54ef8c9ec8284b974e5dce8bbfb89ddcdb90d246f651db786ba93384eed3b5
                                                                                                                                                                                                                                                                                        • Instruction ID: e61a0e99b1de2027bf7927b161e770555f143ee2fdc4fc26d56a2c85f646a346
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d54ef8c9ec8284b974e5dce8bbfb89ddcdb90d246f651db786ba93384eed3b5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3EC16B74608602AFC704EF14D980A6ABBE1FFC8744F518A6EF88997351D730E915CB96
                                                                                                                                                                                                                                                                                        Function 6C5D26EE Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 207COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                        • String ID: *?
                                                                                                                                                                                                                                                                                        • API String ID: 269201875-2564092906
                                                                                                                                                                                                                                                                                        • Opcode ID: 3b9422d929c5c7c02480cac4e34da2c54b4ecdcea72ca46669ac63972f82816d
                                                                                                                                                                                                                                                                                        • Instruction ID: 2a418ebd9929cf15f56d684e05e22a689ad98d2f00559f3b3383edda0a0b2443
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3b9422d929c5c7c02480cac4e34da2c54b4ecdcea72ca46669ac63972f82816d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D6128B5E043199F9B14CFADCC845EDFBB5EF88314B2A826AD814E7700D731AE458B94
                                                                                                                                                                                                                                                                                        Function 6C5D7123 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 178fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D68B6: GetConsoleCP.KERNEL32(00000000,00000001,00000000), ref: 6C5D68FE
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,00000000,6C5D4430,?,00000000,?,?,?,6C5D43C9,?,00000000,00000000,6C5E1530,0000002C,6C5D4430,?), ref: 6C5D7274
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 6C5D727E
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 6C5D72C3
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ConsoleErrorFileLastWrite__dosmaperr
                                                                                                                                                                                                                                                                                        • String ID: 0D]l
                                                                                                                                                                                                                                                                                        • API String ID: 251514795-3991735499
                                                                                                                                                                                                                                                                                        • Opcode ID: 039a0973d6e057134755b732496e06e132f47bba0a802b903e9948f36ba65be5
                                                                                                                                                                                                                                                                                        • Instruction ID: b0f30402dae8e8694de2a6e37f9769c316ececd8d8f95f502b05edb6fcf73e8b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 039a0973d6e057134755b732496e06e132f47bba0a802b903e9948f36ba65be5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F51B371A0030AEADB01CFECCC44BDEBBB8EF4A398F160555E410ABA55DB30BD458769
                                                                                                                                                                                                                                                                                        Function 0EE7F00C Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 161COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(-00000008,00000000,0EE7F20E,?,0F024888,00000001), ref: 0EE7F051
                                                                                                                                                                                                                                                                                        • CreateFontIndirectW.GDI32(?), ref: 0EE7F1B1
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(0EE9ED86,0EE7F1E5,-00000008,00000000,0EE7F20E,?,0F024888,00000001), ref: 0EE7F1D8
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$CreateEnterFontIndirectLeave
                                                                                                                                                                                                                                                                                        • String ID: Default
                                                                                                                                                                                                                                                                                        • API String ID: 4254235019-753088835
                                                                                                                                                                                                                                                                                        • Opcode ID: 18525fff405ea982b847dde34c69c05992f216b86bd060b83d1693af57615bf8
                                                                                                                                                                                                                                                                                        • Instruction ID: 0ea916934a45439cf58aa33e2742070fd4031633c58836df66de99e0feae0ab4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 18525fff405ea982b847dde34c69c05992f216b86bd060b83d1693af57615bf8
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B616570E1428DDFDB01DFA8C844B9DBBF2AF49308F5495A9D894AB35AC3349E44CB61
                                                                                                                                                                                                                                                                                        Function 0589B3A4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 103COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • Error: system code page access failure; MBCS table not initialized, xrefs: 0589B3E9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Info
                                                                                                                                                                                                                                                                                        • String ID: Error: system code page access failure; MBCS table not initialized
                                                                                                                                                                                                                                                                                        • API String ID: 1807457897-362886185
                                                                                                                                                                                                                                                                                        • Opcode ID: bfa70158db7e728c41f2b35d2817148ed62e94e82b17327ff965caaf46228e41
                                                                                                                                                                                                                                                                                        • Instruction ID: c0cb9ab3e3e000a7083a6ba578cc1499986a0ccaffbed7d9de50ca44562a6b62
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bfa70158db7e728c41f2b35d2817148ed62e94e82b17327ff965caaf46228e41
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F9317F71A1C1954EEF18CA38B8807797FD5BB4322AF1C56B0DDE5CB281DBA08C41A381
                                                                                                                                                                                                                                                                                        Function 1000D4C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76fileCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateFileMappingA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000), ref: 1000D517
                                                                                                                                                                                                                                                                                        • MapViewOfFile.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,?,?,1002703A,?), ref: 1000D559
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00000000,?,?,1002703A,?,000000FF,?,?), ref: 1000D562
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$CloseCreateHandleMappingView
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1187395538-3916222277
                                                                                                                                                                                                                                                                                        • Opcode ID: 4eba23c0b5ac86723ff6e1857ebe1ce12d786d9e15f0afe31af56eac2212e85c
                                                                                                                                                                                                                                                                                        • Instruction ID: 6a76764943f7208ea8eb90f1c37176d7fbf933fbb055297f222121ef93aa42ea
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4eba23c0b5ac86723ff6e1857ebe1ce12d786d9e15f0afe31af56eac2212e85c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5611E172A0475017E320D5248C05BAF7BD9EBC93FAF15022AFEA59B2D5C625DC408271
                                                                                                                                                                                                                                                                                        Function 1000D010 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 66COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetVersion.KERNEL32(00000000), ref: 1000D031
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Version
                                                                                                                                                                                                                                                                                        • String ID: %d.%02d$GS_DLL$Software\%s\%s
                                                                                                                                                                                                                                                                                        • API String ID: 1889659487-2201555331
                                                                                                                                                                                                                                                                                        • Opcode ID: cafae31b233e87abfdaff7d6cfe0ba7be68b274fae85a7d7353d634081ad0175
                                                                                                                                                                                                                                                                                        • Instruction ID: 6e83fe2021fe18a1008de4dd43eac8308cd8aa3caafef3046c339f7e71a0c991
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cafae31b233e87abfdaff7d6cfe0ba7be68b274fae85a7d7353d634081ad0175
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F821C6715083499BD324DB14D842BEB73E5EBC8300F408D1EFA8997245EA35F91A8F52
                                                                                                                                                                                                                                                                                        Function 6C5CD951 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(0000000D,?,TE^l,6C5CD5A2,?,?,TE^l,00000000,?,6C5C2400,6C5E4520,6C5CB460,6C5E4554,00000000,00000000,00000001), ref: 6C5CD9D5
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                                                                                                                                        • String ID: @0\l$TE^l
                                                                                                                                                                                                                                                                                        • API String ID: 1452528299-1079380869
                                                                                                                                                                                                                                                                                        • Opcode ID: 73d43fc896a91217a2e297775e208dfd3b04ad537ba701fdf0664b08babfc62f
                                                                                                                                                                                                                                                                                        • Instruction ID: 93f1df27f6e52fc216f411f8503b4ae8a74e96617bf3e9b140bc6227721da043
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73d43fc896a91217a2e297775e208dfd3b04ad537ba701fdf0664b08babfc62f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2611E13A384219AFDF029FA5CC8455FBB75FF09755B02443DF919D6610D731A8108BD6
                                                                                                                                                                                                                                                                                        Function 0EE3E470 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindResourceW.KERNEL32(0EE30000,CHARTABLE,0000000A,?,?,0EE3E32C), ref: 0EE3E484
                                                                                                                                                                                                                                                                                        • LoadResource.KERNEL32(0EE30000,00000000,0EE30000,CHARTABLE,0000000A,?,?,0EE3E32C), ref: 0EE3E49B
                                                                                                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,0EE30000,00000000,0EE30000,CHARTABLE,0000000A,?,?,0EE3E32C), ref: 0EE3E4AC
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE4C188: GetLastError.KERNEL32(0EEA1F18,00000001,00000000,00000005,00000000,00000000,?,?,00000000,0EEA209D,?,00000000,00000000,00000000,?,0EEA1B18), ref: 0EE4C188
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Resource$ErrorFindLastLoadLock
                                                                                                                                                                                                                                                                                        • String ID: CHARTABLE
                                                                                                                                                                                                                                                                                        • API String ID: 1074440638-2668339182
                                                                                                                                                                                                                                                                                        • Opcode ID: 686c27da7617427f2771cc69ba3d5c349899785de30dc073fc7287d8d064ff6c
                                                                                                                                                                                                                                                                                        • Instruction ID: ce5706826c98dd1eb0c4145dc2871f4cc621630c48542f103cf675b63e4dee04
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 686c27da7617427f2771cc69ba3d5c349899785de30dc073fc7287d8d064ff6c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F201C4B06453068FD70CDF74E8D4A28B3E5AB4832176555BCE24147351CABCDC02EB90
                                                                                                                                                                                                                                                                                        Function 1022F687 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,1034E570,00000010,102284A1,00000000,00000FA0,?,?,?,102284EB,?,?,?,10222AE7,00000004,1034C238), ref: 1022F6AA
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 1022F6BA
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • kernel32.dll, xrefs: 1022F6A5
                                                                                                                                                                                                                                                                                        • InitializeCriticalSectionAndSpinCount, xrefs: 1022F6B4
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                        • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 1646373207-3733552308
                                                                                                                                                                                                                                                                                        • Opcode ID: c6e1b97788ea87724e6a9840dceecd06ca16627657d897d6f36511bb1989ef21
                                                                                                                                                                                                                                                                                        • Instruction ID: 017efabb4ac298a598a4fe5d473b57e8e95d1b24dacc7ff1dfd17491493c7881
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c6e1b97788ea87724e6a9840dceecd06ca16627657d897d6f36511bb1989ef21
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96F0807550020BABCB508FF69C89F9937E8EB4535CFA44225F465D5170E730C660DF10
                                                                                                                                                                                                                                                                                        Function 1000CCC0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 18COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 1000CCE6
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • ..., xrefs: 1000CCC1
                                                                                                                                                                                                                                                                                        • \Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\nt-base.c, xrefs: 1000CCD0
                                                                                                                                                                                                                                                                                        • NTCloseDirectory, xrefs: 1000CCCB
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseFind
                                                                                                                                                                                                                                                                                        • String ID: ...$NTCloseDirectory$\Documents and Settings\FDiVittorio.DCPPDOM\Desktop\ImageMagick-6.2.3\magick\nt-base.c
                                                                                                                                                                                                                                                                                        • API String ID: 1863332320-3162358590
                                                                                                                                                                                                                                                                                        • Opcode ID: ba716684c41df58125028c9847c87295575b85e27adebee2fe4461086308f387
                                                                                                                                                                                                                                                                                        • Instruction ID: 50b25fdbff36d6c3b926e6156de19ba39bf74aea3e12a1346dbd5213a70af582
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba716684c41df58125028c9847c87295575b85e27adebee2fe4461086308f387
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DFD0A7F5A841102FE521EB68AC8ADC73244FF0A213F010C20F9457B142D765A6A146E6
                                                                                                                                                                                                                                                                                        Function 0589D071 Relevance: 6.4, Strings: 5, Instructions: 123COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: !"bogus context in Local_unwind()"$bogus context in Local_unwind()$xdrPtr && xdrPtr == *xdrLPP$xx.cpp$xx.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 0-1597640725
                                                                                                                                                                                                                                                                                        • Opcode ID: ffb8c9fc1064b085bdfcac6628fce709f2c0d9133f5089b7eeb563a757065ff5
                                                                                                                                                                                                                                                                                        • Instruction ID: 97a87609f149d8f526b14fb83c2b7cc23a2664700a9cd08fadb763b4b408ea3e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ffb8c9fc1064b085bdfcac6628fce709f2c0d9133f5089b7eeb563a757065ff5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46418336A06208EBDF18DF58C8809AEF7B2FF88354B188555ED05DB354E771AE41CB98
                                                                                                                                                                                                                                                                                        Function 0589C732 Relevance: 6.3, Strings: 5, Instructions: 78COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: !"what?"$(dtorMask & 0x0080) == 0$what?$xx.cpp$xx.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 0-2272778906
                                                                                                                                                                                                                                                                                        • Opcode ID: 517b04f6eae0e2b7caf5e43850d2eba9c38890f9ec376bd2de81e0767e216371
                                                                                                                                                                                                                                                                                        • Instruction ID: 697eba217bc4e8359fb7ac78a214dd5cba83f08c3e58903ca1a21a333d87ccdd
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 517b04f6eae0e2b7caf5e43850d2eba9c38890f9ec376bd2de81e0767e216371
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8B21603664420DFBEF1D9E5CEC8AF6B3B66EB41755F1C0020FD06E9150DBB28E5486A2
                                                                                                                                                                                                                                                                                        Function 0589CCAC Relevance: 6.3, Strings: 5, Instructions: 71COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: __CPPexceptionList$xdrPtr->xdERRaddr == xl$xx.cpp$xx.cpp$xx.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 0-4103776991
                                                                                                                                                                                                                                                                                        • Opcode ID: 87cecd19ab6008f269bc7eff6ba02e3e0ce487e57d8578cf462b1a832d3de7ae
                                                                                                                                                                                                                                                                                        • Instruction ID: 6958cdb7f9851cc281509db7179154fbbef71ffad3ad6a8b7db9912d32cf5d57
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 87cecd19ab6008f269bc7eff6ba02e3e0ce487e57d8578cf462b1a832d3de7ae
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B216075A00304EFDF14EF58C986EA9B7B5FF48710F1881A4ED14AB351D7B5AE00DA92
                                                                                                                                                                                                                                                                                        Function 6C64747B Relevance: 6.3, APIs: 4, Instructions: 305COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4040411153.000000006C5F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5F0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040383654.000000006C5F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C652000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C662000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C672000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C683000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C696000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041740019.000000006C6A3000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041774942.000000006C6A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5f0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                        • Opcode ID: b1d1a69f96eaa279c931fe0dc595911817e315629c2cab36af8c96b22810ac3e
                                                                                                                                                                                                                                                                                        • Instruction ID: db93ff8835f0a420821af5267a40f2c936df4f34091f685976ecd96b251d3f0b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b1d1a69f96eaa279c931fe0dc595911817e315629c2cab36af8c96b22810ac3e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2AA17B729043869FE715CF28C8907EEBBE5EF16318F24C26DD4849BB41D7388945C758
                                                                                                                                                                                                                                                                                        Function 0589C802 Relevance: 6.3, Strings: 5, Instructions: 53COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: !"what?"$(mfnMask & 0x0080) == 0$what?$xx.cpp$xx.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 0-1193724495
                                                                                                                                                                                                                                                                                        • Opcode ID: bacff808ed241b362ee7c22f3c30972e9d7a4b8d75cbceb44d7c10aeb286dfe0
                                                                                                                                                                                                                                                                                        • Instruction ID: 0fb2d823361becbcb3c4103a74107acc802ea24141e23439286711a29411d75d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bacff808ed241b362ee7c22f3c30972e9d7a4b8d75cbceb44d7c10aeb286dfe0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91018633188209BBEF085F54FC8A8E97795FB48265B8CC212FD1DA4561A7B38D209540
                                                                                                                                                                                                                                                                                        Function 10032E30 Relevance: 6.3, APIs: 4, Instructions: 251COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4168288129-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 82fcdaa27fab52eec25ddcf4414ae3967f05690e805cac5cbe3be251932369bf
                                                                                                                                                                                                                                                                                        • Instruction ID: b05689454d8800a1831d12ffd73a8ecc00fce8cb50df2628fa07b357b0f817e5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 82fcdaa27fab52eec25ddcf4414ae3967f05690e805cac5cbe3be251932369bf
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 08910275908380AFD316CB64D891A9BB7E5EFC9782F40C81DF4C94B254DB71A849CB63
                                                                                                                                                                                                                                                                                        Function 6C60ACB0 Relevance: 6.2, APIs: 4, Instructions: 249COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • jpeg_make_c_derived_tbl.JPEG62(?,00000001,?,?), ref: 6C60AD3D
                                                                                                                                                                                                                                                                                        • jpeg_make_c_derived_tbl.JPEG62(?,00000000,?,?,?,00000001,?,?), ref: 6C60AD4F
                                                                                                                                                                                                                                                                                        • jzero_far.JPEG62(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C60AEB4
                                                                                                                                                                                                                                                                                        • jzero_far.JPEG62(00000000,?,?), ref: 6C60AF70
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4040411153.000000006C5F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5F0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040383654.000000006C5F0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C652000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C662000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C672000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C683000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041447697.000000006C696000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041740019.000000006C6A3000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4041774942.000000006C6A5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5f0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: jpeg_make_c_derived_tbljzero_far
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4036989140-0
                                                                                                                                                                                                                                                                                        • Opcode ID: a3fe3ab9fb5bcad86414943fa6712bc05b54cc0b5622afe7a808a078067c4cca
                                                                                                                                                                                                                                                                                        • Instruction ID: 5bb50346b796709752ef6891ff1a2b75ad21248dc3e07150d7dfe771cd85f193
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a3fe3ab9fb5bcad86414943fa6712bc05b54cc0b5622afe7a808a078067c4cca
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66B1E675B006289FCB24CF18C980AD9B7B5FF4A314F0481E9E909A7B01D771AE91CF96
                                                                                                                                                                                                                                                                                        Function 0F06B502 Relevance: 6.2, APIs: 4, Instructions: 187windowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000044E,0000006E,?), ref: 0F06B557
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000044E,00000074,00000001), ref: 0F06B598
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000044E,0000006F,00000000), ref: 0F06B60B
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000044E,00000070,00000000), ref: 0F06B74B
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                        • String ID: SELECTED$even$odd$selected
                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-1777954622
                                                                                                                                                                                                                                                                                        • Opcode ID: 89709f477d610460ec4e95e7737015fd71d8f258ef19ef0fbe239d2841ed8a51
                                                                                                                                                                                                                                                                                        • Instruction ID: 2a15d5e26844aa617a3be38fb22131763a676eb0d681f7ed723aeb0aa20b3164
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89709f477d610460ec4e95e7737015fd71d8f258ef19ef0fbe239d2841ed8a51
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2871C2B4A00249AFEB50DFA9C884FADBBF5AF84714F5540A4E844EB362D734ED81CB10
                                                                                                                                                                                                                                                                                        Function 10223F1B Relevance: 6.2, APIs: 4, Instructions: 167COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _strlen$_strcspn_strncpy_strpbrk
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 34491180-0
                                                                                                                                                                                                                                                                                        • Opcode ID: c91f38babf71abb2cba541eb8636a1f3b49f9860aa181d6464080f0f42afa7a3
                                                                                                                                                                                                                                                                                        • Instruction ID: 5294fe7c085c60009426ad347018d58f717c808682154c119c3df38bb904920e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c91f38babf71abb2cba541eb8636a1f3b49f9860aa181d6464080f0f42afa7a3
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA510776C0425B5AEB25CFE4B880A5A77F8EB44384FB1402AEE5593101EF35DDA58B41
                                                                                                                                                                                                                                                                                        Function 0EE52454 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0EE52503
                                                                                                                                                                                                                                                                                        • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0EE5251F
                                                                                                                                                                                                                                                                                        • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0EE52596
                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 0EE525BF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 920484758-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 62a1b9a4ba1465e6b878ead19dd87ab23b5b62be712e9745cb260f345fd36dd1
                                                                                                                                                                                                                                                                                        • Instruction ID: bdb4dd3b1e72300d2a719d73cf57cf0e1aa5fdff8d6bc11e266615ce91815872
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62a1b9a4ba1465e6b878ead19dd87ab23b5b62be712e9745cb260f345fd36dd1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49410C76A1162D9FCB61DB58DC90BD9B3FCAF0C204F0059D5EA49A7321DA34AF818F61
                                                                                                                                                                                                                                                                                        Function 0EF3F004 Relevance: 6.1, APIs: 4, Instructions: 114COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(?,00000000,00000000,0EF3F147,?,?,?,00000000,00000000,?,0EF3F32C,00000000,0EF3F5FF,?,0F0D0334,00000000), ref: 0EF3F063
                                                                                                                                                                                                                                                                                        • GetTempFileNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,0EF3F147,?,?,?,00000000,00000000,?,0EF3F32C,00000000,0EF3F5FF), ref: 0EF3F101
                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,0EF3F147,?,?,?,00000000,00000000,?,0EF3F32C,00000000,0EF3F5FF), ref: 0EF3F120
                                                                                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0EF3F147,?,?,?,00000000,00000000,?,0EF3F32C), ref: 0EF3F12C
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$AttributesTemp$NamePath
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 605459125-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 9571e2f0f2842874b0bb5c36efcd34ecfaaf0a5230260b76e3bd5594a5ee2b8b
                                                                                                                                                                                                                                                                                        • Instruction ID: 74ae01b96ef7ae331b4a8d86ad5b032d20fac4afa0e4b35c43b5a70868a75a8f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9571e2f0f2842874b0bb5c36efcd34ecfaaf0a5230260b76e3bd5594a5ee2b8b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24314C71F04219EBDB21EB78C995AAF73E99F84700B3295A1E800A7314DB74DF05D691
                                                                                                                                                                                                                                                                                        Function 6C5C6720 Relevance: 6.1, APIs: 4, Instructions: 105memoryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GlobalSize.KERNEL32(?), ref: 6C5C67D7
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 6C5C67ED
                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000000,?,?,?,?), ref: 6C5C67F8
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 6C5C680F
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Global$Free$AllocSize
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1703895601-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 0b677d8ad40ec5429bb3bdc479c1ce4f44a9ef9fd076ccc60906cac1de449d60
                                                                                                                                                                                                                                                                                        • Instruction ID: 901e16c0455e9ad713728e6886e05c9044711ec28b0fdee67bbd2eb80541e408
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b677d8ad40ec5429bb3bdc479c1ce4f44a9ef9fd076ccc60906cac1de449d60
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2313A76B006299FCB04CF99C880AAABBF9FB5D711B01815AE814D7750D734E911CBA1
                                                                                                                                                                                                                                                                                        Function 0EE39BFC Relevance: 6.1, APIs: 4, Instructions: 97threadCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetThreadUILanguage.KERNEL32(?,00000000), ref: 0EE39C0D
                                                                                                                                                                                                                                                                                        • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0EE39C6F
                                                                                                                                                                                                                                                                                        • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0EE39CCC
                                                                                                                                                                                                                                                                                        • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0EE39CFF
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE39BB8: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0EE39C7D), ref: 0EE39BCF
                                                                                                                                                                                                                                                                                          • Part of subcall function 0EE39BB8: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0EE39C7D), ref: 0EE39BEC
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Thread$LanguagesPreferred$Language
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2255706666-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 93e4ca74f35cd215a94f6a6e55b52a65af6c444655d82d47862480357fb69bad
                                                                                                                                                                                                                                                                                        • Instruction ID: 2c0b847c24d38f155f4745853430d76411a4bf0d20ce41f267caa2aaf3947551
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93e4ca74f35cd215a94f6a6e55b52a65af6c444655d82d47862480357fb69bad
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E316130A1021D9BDB10DFB8C888AEEB3F5FF44315F605565D525E728AE7B59E04CB90
                                                                                                                                                                                                                                                                                        Function 6C5D261F Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D16B0: _free.LIBCMT ref: 6C5D16BE
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D36CE: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,6C5D6302,?,00000000,00000000), ref: 6C5D3770
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 6C5D2687
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 6C5D268E
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 6C5D26CD
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 6C5D26D4
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 167067550-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 0e2dbd3f3afe23b7bc6bfe03671ce9d7b079214c83924487ee8b022b1e89f68e
                                                                                                                                                                                                                                                                                        • Instruction ID: 1ce32d2b3655cd36070098d8bea42147c17d94c02780d36963e0a115bff64932
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e2dbd3f3afe23b7bc6bfe03671ce9d7b079214c83924487ee8b022b1e89f68e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0821A171604305EF97109FAE8C98D5BB7BCEF453687068615F91897A51DB31FC40CBA8
                                                                                                                                                                                                                                                                                        Function 0F02FF1C Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 65sleepCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000014), ref: 0F02FF4B
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(-000002F4,00000000,0F03013B), ref: 0F02FF92
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(-000002F4,0F02FFD6,0F03013B), ref: 0F02FFC9
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F028794: EnterCriticalSection.KERNEL32(?,?,?,0F0301B6,00000000,0F08A37C,00000000,0F08A469,?,00000000,0F08A48C,?,?,?,?), ref: 0F02879F
                                                                                                                                                                                                                                                                                          • Part of subcall function 0F028794: LeaveCriticalSection.KERNEL32(?,?,?,?,0F0301B6,00000000,0F08A37C,00000000,0F08A469,?,00000000,0F08A48C,?,?,?,?), ref: 0F0287B2
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$Sleep
                                                                                                                                                                                                                                                                                        • String ID: Stop Viewer
                                                                                                                                                                                                                                                                                        • API String ID: 2348874005-545046930
                                                                                                                                                                                                                                                                                        • Opcode ID: 71dcc19c0fcc1fa54e94b81366000dc3255690352f2825539378657fb08d8ff5
                                                                                                                                                                                                                                                                                        • Instruction ID: 743b0a9a061b403b405afbef76aba580bbeaea3aa0668ed06ee656c0a470bc59
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71dcc19c0fcc1fa54e94b81366000dc3255690352f2825539378657fb08d8ff5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30112630B04209AFEB91DB68C845AAAF7F8EF06348F1000F1F50497252C775AE10C620
                                                                                                                                                                                                                                                                                        Function 6C5CF18C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ___BuildCatchObject.LIBVCRUNTIME ref: 6C5CF1A6
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5CF0F3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 6C5CF122
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5CF0F3: ___AdjustPointer.LIBCMT ref: 6C5CF13D
                                                                                                                                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 6C5CF1BB
                                                                                                                                                                                                                                                                                        • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 6C5CF1CC
                                                                                                                                                                                                                                                                                        • CallCatchBlock.LIBVCRUNTIME ref: 6C5CF1F4
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 58e04cd3be65f42a8d20a508fe91b2ac59e46b1badb6711eeb8ea60b5e3eacaf
                                                                                                                                                                                                                                                                                        • Instruction ID: 26efb867ed5a461e91f353b739ad8c014b19ec7a065ca34a8166e89e17366d5f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 58e04cd3be65f42a8d20a508fe91b2ac59e46b1badb6711eeb8ea60b5e3eacaf
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7011732200148FBDF025E95CC40DEB7B69EF98758F144108FA18A6620C332E861DBA1
                                                                                                                                                                                                                                                                                        Function 0589B64C Relevance: 6.0, APIs: 4, Instructions: 49fileCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00000000,00000000,?,0589B81E,00000000,00000000,-000000F6), ref: 0589B66C
                                                                                                                                                                                                                                                                                          • Part of subcall function 0589B5FC: GetLocalTime.KERNEL32(?,00000000,00000000,?,0589B81E,00000000,00000000,-000000F6,00000000,?,0589B8E6,Abnormal program termination,0589C0AC,00000000,00000000), ref: 0589B600
                                                                                                                                                                                                                                                                                          • Part of subcall function 0589B5FC: wsprintfA.USER32 ref: 0589B639
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00000000,00000000), ref: 0589B68E
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,00000000,?,00000000,?,C0000000,00000000,00000000,00000002,00000080), ref: 0589B6A3
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,00000000,00000000,00000000,00000000,?,00000000,?,C0000000,00000000,00000000,00000002), ref: 0589B6A9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$Write$CloseCreateHandleLocalTimewsprintf
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 893966949-0
                                                                                                                                                                                                                                                                                        • Opcode ID: ee580e090e28ff9d25903f8175fe2cbe2a2856c669b78d370ac0245433f25501
                                                                                                                                                                                                                                                                                        • Instruction ID: 3f94bb5c8aab90fe92da174314ab01886b474ca1d5885fb866c43bc16d53af1f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee580e090e28ff9d25903f8175fe2cbe2a2856c669b78d370ac0245433f25501
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68F0367234430439FE24B5A99C4AFBF765CDB85661F244115FA05DE1C1DDA0BD0082B6
                                                                                                                                                                                                                                                                                        Function 10234FE2 Relevance: 6.0, APIs: 4, Instructions: 38COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ___addl
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2260456530-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 7f734e80427065a38080cd269a92ab7413a7b516af9ddb04c57aa32dfc0fe4d2
                                                                                                                                                                                                                                                                                        • Instruction ID: 6675e59875e3698f1de9ed66477d2f1a702b35e08b7cd61328bb5264bd0e1d2e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f734e80427065a38080cd269a92ab7413a7b516af9ddb04c57aa32dfc0fe4d2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6F04FBA400102EFDA109E51DD01A66B7A9FF4C241F144865FD588A830FB22FA79DF91
                                                                                                                                                                                                                                                                                        Function 0EEF3E48 Relevance: 6.0, APIs: 4, Instructions: 35threadCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 0EEF3E55
                                                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,0F22CE10,00000000,0EED3785,?,0F22CE10,?,0F22CE10,0EED1980), ref: 0EEF3E5E
                                                                                                                                                                                                                                                                                        • GlobalFindAtomW.KERNEL32(00000000,?,0F22CE10,00000000,0EED3785,?,0F22CE10,?,0F22CE10,0EED1980), ref: 0EEF3E73
                                                                                                                                                                                                                                                                                        • GetPropW.USER32(00000000,00000000), ref: 0EEF3E8A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2582817389-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 444d9d6bfbad976c4d333debb49b802be30ccf5bbddc2544a6944ace6cc130f0
                                                                                                                                                                                                                                                                                        • Instruction ID: cf12dc5da4761271dc7e5bd6b13721a93ccbf1a26fc05645ad8ccf175ed2f1f4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 444d9d6bfbad976c4d333debb49b802be30ccf5bbddc2544a6944ace6cc130f0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D6F0EDA232332DE68A20B6F66CA887B37ED8E102B57113C21FE48D7204E924CC50D3B0
                                                                                                                                                                                                                                                                                        Function 6C5C3330 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: GlobalSize$Read
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 777016912-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 1f322c50ad630b6685cc4677ddef17008ea96cf6813cc040ae60bba0b118da7f
                                                                                                                                                                                                                                                                                        • Instruction ID: 81ac7a3f4184531f2378193fa6fdf6d2ccd58f95785f154e31f24cddbaec7149
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f322c50ad630b6685cc4677ddef17008ea96cf6813cc040ae60bba0b118da7f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9DE01B3630161D56990139EA9D00DDF377DFFC29E97050075E608D3500DB15D40A86FA
                                                                                                                                                                                                                                                                                        Function 0EE898E8 Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 0EE898F1
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,058A00B4), ref: 0EE89903
                                                                                                                                                                                                                                                                                        • GetTextMetricsW.GDI32(00000000), ref: 0EE8990E
                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0EE8991F
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MetricsObjectReleaseSelectText
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2013942131-0
                                                                                                                                                                                                                                                                                        • Opcode ID: b9589f89e399be96bd26ab4c2f3f27bcc95718e3df89d467fc3a97379f5e537e
                                                                                                                                                                                                                                                                                        • Instruction ID: 4ba9f3bb523adfcd4f69483072366641f43024553204d40bf1c01d6a07955a88
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b9589f89e399be96bd26ab4c2f3f27bcc95718e3df89d467fc3a97379f5e537e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8E02611A021B926D91071740D94BFB36CC8F020B6F082510FD5CCB2D1EB0ACE10C3F6
                                                                                                                                                                                                                                                                                        Function 6C5D7C86 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • WriteConsoleW.KERNEL32(?,?,6C5D4430,00000000,?,?,6C5D76DD,?,00000001,?,00000001,?,6C5D6C8D,00000000,00000000,00000001), ref: 6C5D7C9D
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,6C5D76DD,?,00000001,?,00000001,?,6C5D6C8D,00000000,00000000,00000001,00000000,00000001,?,6C5D71E1,6C5D43C9), ref: 6C5D7CA9
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D7C6F: CloseHandle.KERNEL32(FFFFFFFE,6C5D7CB9,?,6C5D76DD,?,00000001,?,00000001,?,6C5D6C8D,00000000,00000000,00000001,00000000,00000001), ref: 6C5D7C7F
                                                                                                                                                                                                                                                                                        • ___initconout.LIBCMT ref: 6C5D7CB9
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D7C31: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6C5D7C60,6C5D76CA,00000001,?,6C5D6C8D,00000000,00000000,00000001,00000000), ref: 6C5D7C44
                                                                                                                                                                                                                                                                                        • WriteConsoleW.KERNEL32(?,?,6C5D4430,00000000,?,6C5D76DD,?,00000001,?,00000001,?,6C5D6C8D,00000000,00000000,00000001,00000000), ref: 6C5D7CCE
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2744216297-0
                                                                                                                                                                                                                                                                                        • Opcode ID: aee89dbe68e17a505c841d3a4ceaa2b31a86a2bebef8d0aab6e119caeac29069
                                                                                                                                                                                                                                                                                        • Instruction ID: 4153c4286192b55e6bf2893c617e667e7faaaf354fd9cdd887d049f2302c9cff
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aee89dbe68e17a505c841d3a4ceaa2b31a86a2bebef8d0aab6e119caeac29069
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3F0F836600319FFCF121F959C0498A3F76FB4A2A0B074110FA1896230C732A920DB98
                                                                                                                                                                                                                                                                                        Function 6C5D14B9 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D14C2
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D24B1: HeapFree.KERNEL32(00000000,00000000,?,6C5D58F5,?,00000000,?,?,?,6C5D591C,?,00000007,?,?,6C5D55CF,?), ref: 6C5D24C7
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D24B1: GetLastError.KERNEL32(?,?,6C5D58F5,?,00000000,?,?,?,6C5D591C,?,00000007,?,?,6C5D55CF,?,?), ref: 6C5D24D9
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D14D5
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D14E6
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D14F7
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 368c991cd5e098b9e9975ea4a7c16392a429f0bf09b6bcad3e813b961e052501
                                                                                                                                                                                                                                                                                        • Instruction ID: feddfd8e23859dfd6dd87dda21002ea1f168ccdd3affe2b42823e956c8bfbcab
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 368c991cd5e098b9e9975ea4a7c16392a429f0bf09b6bcad3e813b961e052501
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8EE0E6BD710631DACF965F99AD448853E75F7EE6063435007EC1452710C7361E15ABCD
                                                                                                                                                                                                                                                                                        Function 0EE33C5C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 277windowCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MessageBoxA.USER32(00000000,?,0EE327D8,00002010), ref: 0EE34031
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                                                                                        • String ID: $7
                                                                                                                                                                                                                                                                                        • API String ID: 2030045667-2388253531
                                                                                                                                                                                                                                                                                        • Opcode ID: 9d354b3b609add3cd21860f0e0567f296fe8aac3553e70a9f8b82e28292ac3e1
                                                                                                                                                                                                                                                                                        • Instruction ID: 3ef7ad10f0275dc8481a8db873fd05c697ed890f041ee34ab444f74f285e58dd
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9d354b3b609add3cd21860f0e0567f296fe8aac3553e70a9f8b82e28292ac3e1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AEB1CB70B102588BDB21EB3CC888FD8B7F5AB08314F6461E5E469DB385CB749D86CB91
                                                                                                                                                                                                                                                                                        Function 6C5C18D0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 248COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • std::_Winerror_message.LIBCPMT ref: 6C5C194C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Winerror_messagestd::_
                                                                                                                                                                                                                                                                                        • String ID: LE^l$unknown error
                                                                                                                                                                                                                                                                                        • API String ID: 157395127-3953758324
                                                                                                                                                                                                                                                                                        • Opcode ID: d80f2c440374113ddee96c3de3589b9789feeeb84996f2954891ec5d800d5d7f
                                                                                                                                                                                                                                                                                        • Instruction ID: faeeea6f28e33bb90564684e24961fc85c41b4a7fc95a39698026ee5b964a3e9
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d80f2c440374113ddee96c3de3589b9789feeeb84996f2954891ec5d800d5d7f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE81E272704201EBD704CFA8DC80BAAB7A5FF84354F14462EE8158BB81E774E954CBE6
                                                                                                                                                                                                                                                                                        Function 0589C880 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RaiseException.KERNEL32(0EEFFACE,00000001,00000003,00000000), ref: 0589CABC
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                        • String ID: cctrAddr$xx.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 3997070919-2252814085
                                                                                                                                                                                                                                                                                        • Opcode ID: a1a1087655dd3f6312e333ff09d78918e2844a3afd44f6181541586d7667b049
                                                                                                                                                                                                                                                                                        • Instruction ID: 662e27649b7b5fbab28e38df49740d2744108f422dc81d7c0086abbd3c856f26
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1a1087655dd3f6312e333ff09d78918e2844a3afd44f6181541586d7667b049
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8781F6B5A11209AFDF18DF98D884EAABBB1BF48304F188159F809AB351D731EC41CB95
                                                                                                                                                                                                                                                                                        Function 1022627D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __startOneArgErrorHandling.LIBCMT ref: 1022630D
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                        • String ID: pow
                                                                                                                                                                                                                                                                                        • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                        • Opcode ID: 8ead1500520c691d98e68e3037474551d46752ca1057a8044aadea8a90d187a3
                                                                                                                                                                                                                                                                                        • Instruction ID: f4135714886effe7528cf57f8b7d51048d29e0f7a6b3af46382a8dc411bf185b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ead1500520c691d98e68e3037474551d46752ca1057a8044aadea8a90d187a3
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84518EB2E18143C6C725EF54D94135A2BA8DB4C791F708EA9F8D54A1E8EF348CF4CA42
                                                                                                                                                                                                                                                                                        Function 6C5D0DB8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: C:\Program Files (x86)\ImBatch\ImBatch.exe
                                                                                                                                                                                                                                                                                        • API String ID: 0-1522236891
                                                                                                                                                                                                                                                                                        • Opcode ID: d83720986594866935276f03d6b9d1da0345c5b66e532f5c537c682ead7cf89d
                                                                                                                                                                                                                                                                                        • Instruction ID: 5531d0d4b405ca4b14860836aa8d31f7d955dee0c1339963e9287fe4c7477288
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d83720986594866935276f03d6b9d1da0345c5b66e532f5c537c682ead7cf89d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95415FB1A00399EBDB15DF9D9C8099EBBB8EBCA314F12406BE804D7700D771AE458B58
                                                                                                                                                                                                                                                                                        Function 0F094EF8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • pdfPrintW.WPDFVIEW03(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,0F09506B,?,?,?,00000000,00000000), ref: 0F094FC6
                                                                                                                                                                                                                                                                                        • pdfPrintW.WPDFVIEW03(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,0F09506B,?,?,?,00000000,00000000), ref: 0F095027
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4017725427.000000000EE31000.00000020.00000001.01000000.00000015.sdmp, Offset: 0EE30000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4017698281.000000000EE30000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023199461.000000000F0AD000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023246167.000000000F0B0000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023274010.000000000F0B1000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023327884.000000000F0B5000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0B7000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023359796.000000000F0C8000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023586505.000000000F0CF000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023630287.000000000F110000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023660132.000000000F112000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023689339.000000000F113000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023726151.000000000F115000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023794323.000000000F11A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F11B000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F14F000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4023822493.000000000F153000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_ee30000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Print
                                                                                                                                                                                                                                                                                        • String ID: MEMORYSIZE=
                                                                                                                                                                                                                                                                                        • API String ID: 3558298466-1669415627
                                                                                                                                                                                                                                                                                        • Opcode ID: a94677108397ebd9be58e5b75ae2438df8b4b4be3be58d174103d5350fe5f1f6
                                                                                                                                                                                                                                                                                        • Instruction ID: 5a2b00e29f660656cb2230a0481338c0b4ee85ece639bcca3d94a18d6e1922e2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a94677108397ebd9be58e5b75ae2438df8b4b4be3be58d174103d5350fe5f1f6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E41DDB0A1421DABDB00EFA8EC95EDFB7F9EF48210F605861A400A7250D674AD09CBE4
                                                                                                                                                                                                                                                                                        Function 6C5D3146 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5D2EEB: GetOEMCP.KERNEL32(00000000,6C5D3161,6C5D07B8,?,00000000,00000000,?,?,6C5D07B8), ref: 6C5D2F16
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D31BE
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 6C5D31F4
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                        • String ID: (1^l
                                                                                                                                                                                                                                                                                        • API String ID: 269201875-22514371
                                                                                                                                                                                                                                                                                        • Opcode ID: f961d051b21232962ee173fc455f1a7b3a0610c27ce36a68254a90a8fc9faa9e
                                                                                                                                                                                                                                                                                        • Instruction ID: 70696f1c270881d4090305adb9eff224ece4748ba0a791096bfb6c2c2659b6bb
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f961d051b21232962ee173fc455f1a7b3a0610c27ce36a68254a90a8fc9faa9e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB31A0B190430AAFCB00DF9DCC80ADA7BB4AF85319F164159E8149B660EB31AD14CB54
                                                                                                                                                                                                                                                                                        Function 10001C70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 91COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 102240FA: __lock.LIBCMT ref: 1022411E
                                                                                                                                                                                                                                                                                        • __time32.LIBCMT ref: 10001CA8
                                                                                                                                                                                                                                                                                          • Part of subcall function 102237CE: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,00000000,10009334,00000000,10009467), ref: 102237D7
                                                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(00000000,00000004,102377F0,00000000,102377F2), ref: 10001CAF
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Time$CurrentFileProcessSystem__lock__time32
                                                                                                                                                                                                                                                                                        • String ID: MAGICK_DEBUG
                                                                                                                                                                                                                                                                                        • API String ID: 1838155570-2375889790
                                                                                                                                                                                                                                                                                        • Opcode ID: 758e2717c4c2fd76ae8a3e23df544aec115d21fc08e776d7cbbb8addc4a8287d
                                                                                                                                                                                                                                                                                        • Instruction ID: 8c53536ccb91deab5ee7f01a23ca7af52c0eba4d4c2c2349a94df05cddb1065b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 758e2717c4c2fd76ae8a3e23df544aec115d21fc08e776d7cbbb8addc4a8287d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2631A4B990434167F224DBA4EC86FDB73E8EF887C0F40481AF64987156EE35E514CB66
                                                                                                                                                                                                                                                                                        Function 102239B7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _strcspn_strncpy
                                                                                                                                                                                                                                                                                        • String ID: _.,
                                                                                                                                                                                                                                                                                        • API String ID: 453994088-2709443920
                                                                                                                                                                                                                                                                                        • Opcode ID: cfbae5e0f3fdd118a8f796fa998ac3c453d2821a2d44c5e246c17190dc3daf89
                                                                                                                                                                                                                                                                                        • Instruction ID: 0f56e9edea5862613756aa09bfd832de92e2740cd8244a9716f13e6d727fe290
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cfbae5e0f3fdd118a8f796fa998ac3c453d2821a2d44c5e246c17190dc3daf89
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F4213A325441476EEF208D94F841BDD379EDB022B0FF5C426FCC9DA181C634A9758B91
                                                                                                                                                                                                                                                                                        Function 6C5CB4E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 6C5CB62D
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 6C5CB636
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                                                                        • String ID: list<T> too long
                                                                                                                                                                                                                                                                                        • API String ID: 3614006799-4027344264
                                                                                                                                                                                                                                                                                        • Opcode ID: fc8ca0f79bd138dd2dccf6d7e73564619a6b2e705ac35393cdded0d7de1ab221
                                                                                                                                                                                                                                                                                        • Instruction ID: 370c20d475a5a0e24ad9776daaa9356a8908d9c9e1891008a3a07f1655d06ba5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc8ca0f79bd138dd2dccf6d7e73564619a6b2e705ac35393cdded0d7de1ab221
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 44210775A00219EFCB14DF98C980BAEBBF4EB48714F10856AE919E7B40D730AD00CBA5
                                                                                                                                                                                                                                                                                        Function 10009310 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __time32.LIBCMT ref: 1000932F
                                                                                                                                                                                                                                                                                          • Part of subcall function 102237CE: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,00000000,10009334,00000000,10009467), ref: 102237D7
                                                                                                                                                                                                                                                                                          • Part of subcall function 1000DB30: GetVersionExA.KERNEL32(00000094), ref: 1000DB56
                                                                                                                                                                                                                                                                                          • Part of subcall function 1000DB30: GetSystemTime.KERNEL32(?), ref: 1000DB68
                                                                                                                                                                                                                                                                                          • Part of subcall function 1000DB30: SystemTimeToFileTime.KERNEL32(?,?), ref: 1000DB78
                                                                                                                                                                                                                                                                                          • Part of subcall function 1000CD00: GetSystemTime.KERNEL32(?,?,?,?,?,?,100257AF), ref: 1000CD08
                                                                                                                                                                                                                                                                                          • Part of subcall function 1000CD00: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,100257AF), ref: 1000CD18
                                                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(00000000,00000004,00000000), ref: 10009387
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Time$System$File$CurrentProcessVersion__time32
                                                                                                                                                                                                                                                                                        • String ID: /dev/urandom
                                                                                                                                                                                                                                                                                        • API String ID: 3583418847-2096490039
                                                                                                                                                                                                                                                                                        • Opcode ID: f81c360c2f1cf3418b79c7986209627ca4fa49f93a24ad9b7a313aaf991c66d4
                                                                                                                                                                                                                                                                                        • Instruction ID: b356bc8f68f1f083a15d4ab3071e19f846c53f971d76e7a20a5eeb458445455d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f81c360c2f1cf3418b79c7986209627ca4fa49f93a24ad9b7a313aaf991c66d4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D3186B5914345ABE320DB64C846FDFB3ECEF88754F40891DF28856085DA75E618CBA2
                                                                                                                                                                                                                                                                                        Function 6C5CA010 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 6C5CA140
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 6C5CA149
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                                                                        • String ID: list<T> too long
                                                                                                                                                                                                                                                                                        • API String ID: 3614006799-4027344264
                                                                                                                                                                                                                                                                                        • Opcode ID: a5572377e7c8b37226bccb2323354dfed50b54e000677ac362e3976d8f0a34f0
                                                                                                                                                                                                                                                                                        • Instruction ID: b44a6eb8b94821bb6a239ed5d4f4e969e68879c05ca54c6b72cc8e0a262c3c72
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5572377e7c8b37226bccb2323354dfed50b54e000677ac362e3976d8f0a34f0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 431129B5A006099FCB00DF98CD44B9EBBF8EB89714F10852EE919E7B40D731A9008BA5
                                                                                                                                                                                                                                                                                        Function 6C5C4830 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetEnvironmentVariableW.KERNEL32(PATH,?,?), ref: 6C5C485D
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5C4886), ref: 6C5C4875
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: EnvironmentFreeLibraryVariable
                                                                                                                                                                                                                                                                                        • String ID: PATH
                                                                                                                                                                                                                                                                                        • API String ID: 40857886-1036084923
                                                                                                                                                                                                                                                                                        • Opcode ID: 5a77e53ecf6d5114ecbb2d5b648317ac6adcbc4584fca697ef658c47e9b1c4b8
                                                                                                                                                                                                                                                                                        • Instruction ID: 9ba9dc034c6fba693fe6d99d4c57a1960991a49372fd4eb14ae64fa153824877
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a77e53ecf6d5114ecbb2d5b648317ac6adcbc4584fca697ef658c47e9b1c4b8
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B21DE717002048BD728DF98CC94BBBB3EAEFC1204F14482DE0A687A40DB30B955CB92
                                                                                                                                                                                                                                                                                        Function 6C5D454E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                        • String ID: H6^l
                                                                                                                                                                                                                                                                                        • API String ID: 269201875-1061055301
                                                                                                                                                                                                                                                                                        • Opcode ID: 39f60c2ed023b73916e76213287575f80bfc2fe2d94216c675254abf3ed3965f
                                                                                                                                                                                                                                                                                        • Instruction ID: 3fdc70e9a69c49358a1e71961a4f87953264341c898e0b63ec75d526ee378343
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39f60c2ed023b73916e76213287575f80bfc2fe2d94216c675254abf3ed3965f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7117C71B143109ADB20DFAD9C45F4532B9A78A729F174616E921CFAC1E374F8468B88
                                                                                                                                                                                                                                                                                        Function 6C5D2093 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                        • String ID: X0^l
                                                                                                                                                                                                                                                                                        • API String ID: 269201875-1806319720
                                                                                                                                                                                                                                                                                        • Opcode ID: e3113a55eb311e499433f52e376340495354a7ab57778e10e877bcff2e6fea5a
                                                                                                                                                                                                                                                                                        • Instruction ID: faeab8e85162e30d081d78b9f3614927ac67813178d150d4a1853c35988bc161
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e3113a55eb311e499433f52e376340495354a7ab57778e10e877bcff2e6fea5a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5201FC39906B21F6D62269AD5C09AEB22284F4677DF134310FE20ABED0D715BC49459C
                                                                                                                                                                                                                                                                                        Function 1000D2B6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 1000D170: GetVersion.KERNEL32(?,1000D229), ref: 1000D171
                                                                                                                                                                                                                                                                                        • _strrchr.LIBCMT ref: 1000D30C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Version_strrchr
                                                                                                                                                                                                                                                                                        • String ID: GS_DLL$gswin32c.exe
                                                                                                                                                                                                                                                                                        • API String ID: 3217677995-2190718696
                                                                                                                                                                                                                                                                                        • Opcode ID: 9f99a6bf4ebc3797f15d1ea93a3b9ae39cb937f9987e7072d524deedc2f64bf2
                                                                                                                                                                                                                                                                                        • Instruction ID: f167c55bf7193163c68cd224006e9c8a115cce0afd51d147b23712f5ca8ce486
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9f99a6bf4ebc3797f15d1ea93a3b9ae39cb937f9987e7072d524deedc2f64bf2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 38118EB9508240ABE325D754DC85BEF73E8EF99340F41481EA9C9C7282EAF1E9518763
                                                                                                                                                                                                                                                                                        Function 6C5CC313 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 6C5CC8C4
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C5CE149: RaiseException.KERNEL32(?,?,?,6C5CC8E6,?,?,?,?,?,?,?,?,6C5CC8E6,?,6C5E1100), ref: 6C5CE1A9
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 6C5CC8E1
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                        • String ID: Unknown exception
                                                                                                                                                                                                                                                                                        • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                        • Opcode ID: 4a14cf65fcac28e88634ba988dfc6f6ebc86b2b0a96c03a0f999e6db40c0fe10
                                                                                                                                                                                                                                                                                        • Instruction ID: 88a62fd6fc51be8c307978f7b6d6f74601f6d1b10bca3e37bfcbb881f3681aad
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4a14cf65fcac28e88634ba988dfc6f6ebc86b2b0a96c03a0f999e6db40c0fe10
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9EF0C834E0020DF78B00B7E8EC849CE376CAB40258B60453DA92496E91EF70FA5A81D7
                                                                                                                                                                                                                                                                                        Function 0589C330 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(?,?,00000100), ref: 0589C376
                                                                                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 0589C38F
                                                                                                                                                                                                                                                                                          • Part of subcall function 0589B70C: GetModuleFileNameA.KERNEL32(00000000,?,00000080,-000000F6,00000000,?,0589B8E6,Abnormal program termination,0589C0AC,00000000,00000000,?,0589B8F7,00000016,0589130C,?), ref: 0589B74B
                                                                                                                                                                                                                                                                                          • Part of subcall function 0589B70C: MessageBoxA.USER32(00000000,00000000,00000001,00000000), ref: 0589B796
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • An exception (%08X) occurred during DllEntryPoint or DllMain in module:%s, xrefs: 0589C383
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileModuleName$Messagewsprintf
                                                                                                                                                                                                                                                                                        • String ID: An exception (%08X) occurred during DllEntryPoint or DllMain in module:%s
                                                                                                                                                                                                                                                                                        • API String ID: 1797794076-3369879043
                                                                                                                                                                                                                                                                                        • Opcode ID: 912951a14e5fbf84287dbd393679085e0c1149040eb7b29ec96e6b2d18a3b8a0
                                                                                                                                                                                                                                                                                        • Instruction ID: aeff770dbf335453c7cdb6c90d1614076550579fd7668f14689a084c629631ec
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 912951a14e5fbf84287dbd393679085e0c1149040eb7b29ec96e6b2d18a3b8a0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 38F0CD766103086BEB24DA18DC85FEBB77CF744310F040699FD08D7241EB716E40CAA1
                                                                                                                                                                                                                                                                                        Function 6C5D3D8B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 6C5D3DCB
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                                                                                                                                                                        • String ID: @0\l$InitializeCriticalSectionEx
                                                                                                                                                                                                                                                                                        • API String ID: 2593887523-3765050465
                                                                                                                                                                                                                                                                                        • Opcode ID: 45fe83227e68c042c27dadffffff67e09c0dd0293898ab182166ab7ca956026f
                                                                                                                                                                                                                                                                                        • Instruction ID: 3f85238ddd1d5dbda7c5f5235bff0e8c57351034dff6f399b1e8d77543c0679c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 45fe83227e68c042c27dadffffff67e09c0dd0293898ab182166ab7ca956026f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 80E09236140318FBCF012E99CC08DCE3F25EB443A1F028424F91D96A20C732B821AA9C
                                                                                                                                                                                                                                                                                        Function 6C5D3C8C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22memoryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Alloc
                                                                                                                                                                                                                                                                                        • String ID: @0\l$FlsAlloc
                                                                                                                                                                                                                                                                                        • API String ID: 2773662609-2375042951
                                                                                                                                                                                                                                                                                        • Opcode ID: 42ae0da3288bbd734527e7b562341b80f56cded648a3aef41e31384a378b7f0d
                                                                                                                                                                                                                                                                                        • Instruction ID: 399ef894f7347137fadd89f12de803e55fe5c9fccce5530677d2ad016a692f4a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42ae0da3288bbd734527e7b562341b80f56cded648a3aef41e31384a378b7f0d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2BE0C232680764A3EA01339C5C0898A3F24CB91671B070415FA0852B108B61785582DD
                                                                                                                                                                                                                                                                                        Function 6C5D0052 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • try_get_function.LIBVCRUNTIME ref: 6C5D0067
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4039976781.000000006C5C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5C0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4039948694.000000006C5C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040195438.000000006C5DA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040297886.000000006C5E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4040334543.000000006C5E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_6c5c0000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: try_get_function
                                                                                                                                                                                                                                                                                        • String ID: @0\l$FlsAlloc
                                                                                                                                                                                                                                                                                        • API String ID: 2742660187-2375042951
                                                                                                                                                                                                                                                                                        • Opcode ID: f436d7d79a177454f553c5b5c12244627542676fc32d3ae7efee664dfb1a164c
                                                                                                                                                                                                                                                                                        • Instruction ID: 65dcb062d733d97c29d1985bf979b555c8b8d64fbe1846ffdcb48a4560d85338
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f436d7d79a177454f553c5b5c12244627542676fc32d3ae7efee664dfb1a164c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88D02E32B41328B3CA0036D89C08BEA7E24CB416B7F020062FE0CA1F00D661784092CE
                                                                                                                                                                                                                                                                                        Function 0589C480 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 10libraryloaderCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,___CPPdebugHook), ref: 0589C487
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 0589C48D
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                        • String ID: ___CPPdebugHook
                                                                                                                                                                                                                                                                                        • API String ID: 1646373207-76456168
                                                                                                                                                                                                                                                                                        • Opcode ID: e90d05077908db89c8fccca4f07cbf6d8fe996235070eef10e11499a8d4ff5f5
                                                                                                                                                                                                                                                                                        • Instruction ID: d46fb8dadde5b46bc407f33f14ec4892dcda7c2044b9619c8d25e3170e4e7a4f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e90d05077908db89c8fccca4f07cbf6d8fe996235070eef10e11499a8d4ff5f5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96C012B46113019AFF08BB60690FB193ED87344600F480014AD21D9141EA7A1C884655
                                                                                                                                                                                                                                                                                        Function 05898AC8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 10libraryloaderCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,___CPPdebugHook), ref: 05898ACF
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 05898AD5
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                        • String ID: ___CPPdebugHook
                                                                                                                                                                                                                                                                                        • API String ID: 1646373207-76456168
                                                                                                                                                                                                                                                                                        • Opcode ID: dec181afcd13f30d471e35316b12a2551b6744862f3561bbd683b6bfef31aa66
                                                                                                                                                                                                                                                                                        • Instruction ID: ffc237648ddc93ea0ba33b6bc102ec1f055049b453cceccfd79d174c0805c067
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dec181afcd13f30d471e35316b12a2551b6744862f3561bbd683b6bfef31aa66
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9BC012706913109FFE18BF249B4BF043DE87380620FA84418ADA1E7163CAFD2C288A52
                                                                                                                                                                                                                                                                                        Function 05896BB4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8libraryCOMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(borlndmm), ref: 05896BB9
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • hrdir_b.c: LoadLibrary != mmdll borlndmm failed, xrefs: 05896BC6
                                                                                                                                                                                                                                                                                        • borlndmm, xrefs: 05896BB4
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                        • String ID: borlndmm$hrdir_b.c: LoadLibrary != mmdll borlndmm failed
                                                                                                                                                                                                                                                                                        • API String ID: 1029625771-3092248643
                                                                                                                                                                                                                                                                                        • Opcode ID: f21c391907e5f5640c5e21e83734468741db2205918468312dfa16fce7dce0d1
                                                                                                                                                                                                                                                                                        • Instruction ID: 790273b6ded01e0bcb08ce79abbd91189be738ec478431d57dc43df955aa9f94
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f21c391907e5f5640c5e21e83734468741db2205918468312dfa16fce7dce0d1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97B012FB3C5300523C7CB7D8B4A7C08368D744C50232C0805ED93D4A50BEE42C607923
                                                                                                                                                                                                                                                                                        Function 05896474 Relevance: 5.2, Strings: 4, Instructions: 157COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: DpiX$DpiY$ImageCount$JBig image
                                                                                                                                                                                                                                                                                        • API String ID: 0-4002728235
                                                                                                                                                                                                                                                                                        • Opcode ID: 9fbb177c4743b7e676781d6abd6e37924a1d7598deb49df57b23e6c50b516911
                                                                                                                                                                                                                                                                                        • Instruction ID: 96f91629ef59be3dce406e3c8654a4658d3d29d4e0808b56c858938b1812f6b1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9fbb177c4743b7e676781d6abd6e37924a1d7598deb49df57b23e6c50b516911
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC41A772A042506FEB1DDF698C84AAB7BE6DF89200F1DC179ED49CF306EA709D018765
                                                                                                                                                                                                                                                                                        Function 10228978 Relevance: 5.1, APIs: 4, Instructions: 57memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • HeapReAlloc.KERNEL32(00000000,00000050,00000000,10228F69,00000000,?,?), ref: 1022899F
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,10228F69,00000000,?,?), ref: 102289D8
                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 102289F6
                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000,?), ref: 10228A0D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4027498390.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4027457357.0000000010000000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010237000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.000000001025B000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010268000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.00000000102FE000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4032469753.0000000010319000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010354000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001035A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.000000001036D000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010391000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034087567.0000000010393000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034346785.0000000010394000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034393405.0000000010396000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034446428.00000000103BC000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034483191.00000000103C2000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4034508568.00000000103C5000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_10000000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocHeap$FreeVirtual
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3499195154-0
                                                                                                                                                                                                                                                                                        • Opcode ID: f1846f672342406b629ec8d8858b9ff4e13a2af8124f880355193314b8b21d41
                                                                                                                                                                                                                                                                                        • Instruction ID: 5d549b4c524c0da9671f9097fa8c65c8b8b0daaa8902d295d1a109764cb42b7e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f1846f672342406b629ec8d8858b9ff4e13a2af8124f880355193314b8b21d41
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C116035200212AFD7358F58DEC59127BBAFBC5360B60491AF15DC65F0CBB1A891CB10
                                                                                                                                                                                                                                                                                        Function 0589DAC3 Relevance: 5.0, Strings: 4, Instructions: 50COMMON
                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.4010709792.0000000005891000.00000020.00000001.01000000.00000010.sdmp, Offset: 05890000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010643977.0000000005890000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010885004.000000000589F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4010947541.00000000058A0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011012864.00000000058A2000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.4011093575.00000000058A7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_5890000_ImBatch.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: ((unsigned __far *)vftAddr)[-1] == 0$IS_CLASS(varType->tpMask)$xx.cpp$xx.cpp
                                                                                                                                                                                                                                                                                        • API String ID: 0-575070939
                                                                                                                                                                                                                                                                                        • Opcode ID: fb57e0a08ec850efe6b3387c6d9c25a864dc26c40c8c59580c695f7be088db12
                                                                                                                                                                                                                                                                                        • Instruction ID: fc087048608c1e65bae2bf95726a50cf79d4b80955f2f9bee0b2fa4c093b0d4f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fb57e0a08ec850efe6b3387c6d9c25a864dc26c40c8c59580c695f7be088db12
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1D0180327453589BEF04CE5CC8C9A19F7A6AB45725F1C8161ED14DF285C3B09C50CBA5